CVE-2011-0904

Published: 02 May 2011
Source: redhat
CVSS2: 3.5
EPSS: Low

Description

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 4 | kdenetwork | Will not fix | | |
| Red Hat Enterprise Linux 4 | vino | Will not fix | | |
| Red Hat Enterprise Linux 5 | kdenetwork | Will not fix | | |
| Red Hat Enterprise Linux 5 | vino | Will not fix | | |
| Red Hat Enterprise Linux 6 | kdenetwork | Not affected | | |
| Red Hat Enterprise Linux 6 | libvncserver | Not affected | | |
| Red Hat Enterprise Linux 6 | vino | Fixed | RHSA-2013:0169 | 21.01.2013 |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=694455 (vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests)

EPSS: 0.01021 (Low), percentile: 76%

CVSS2: 3.5 Low

Related vulnerabilities

ubuntu
more than 14 years ago

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

nvd
more than 14 years ago

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

debian
more than 14 years ago

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver ...

github
more than 3 years ago

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

oracle-oval
more than 12 years ago

ELSA-2013-0169: vino security update (MODERATE)
