Описание
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libvncserver | fixed | 0.9.11+dfsg-1.2 | package | |
| italc | removed | package | ||
| italc | fixed | 1:3.0.3+dfsg1-1+deb9u1 | stretch | package |
| ssvnc | fixed | 1.0.29-5 | package | |
| ssvnc | fixed | 1.0.29-4+deb10u1 | buster | package |
| ssvnc | fixed | 1.0.29-3+deb9u1 | stretch | package |
| tightvnc | fixed | 1:1.3.9-9.1 | package | |
| tightvnc | fixed | 1:1.3.9-9deb10u1 | buster | package |
| tightvnc | fixed | 1:1.3.9-9+deb9u1 | stretch | package |
| veyon | fixed | 4.1.4+repack1-1 | package |
Примечания
https://github.com/LibVNC/libvncserver/issues/251
https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-031-libvnc-infinite-loop/
Связанные уязвимости
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
LibVNC before commit c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c contains a CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows attacker to consume excessive amount of resources like CPU and RAM
Уязвимость библиотеки LibVNC, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании