exploitDog

CVE-2018-7225

Published: 19 Feb 2018
Source: debian
EPSS: Low

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

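Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| libvncserver | fixed | 0.9.11+dfsg-1.1 | | package |
| italc | removed | | | package |
| italc | fixed | 1:3.0.3+dfsg1-1+deb9u1 | stretch | package |
| tightvnc | fixed | 1:1.3.9-9.1 | | package |
| tightvnc | fixed | 1:1.3.9-9deb10u1 | buster | package |
| tightvnc | fixed | 1:1.3.9-9+deb9u1 | stretch | package |
| vino | fixed | 3.22.0-6 | | package |
| vino | no-dsa | | buster | package |
| vino | no-dsa | | stretch | package |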

Notes

  • https://github.com/LibVNC/libvncserver/issues/218

  • https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee

EPSS

Percentile: 87%
0.03567
Low

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 7 years ago

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVSS3: 5.4
redhat
more than 7 years ago

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

CVSS3: 9.8
nvd
more than 7 years ago

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

suse-cvrf
more than 7 years ago

Security update for LibVNCServer

CVSS3: 9.8
github
more than 3 years ago

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.