CVE-2014-6054

Published: 23 Sep 2014
Source: redhat
CVSS2: 6
EPSS: Medium

Description

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

A divide-by-zero flaw was found in the way LibVNCServer handled the scaling factor when it was set to "0". A remote attacker could use this flaw to crash the VNC server using a malicious VNC client.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kdenetwork | Not affected | | |
| Red Hat Enterprise Linux 6 | kdenetwork | Not affected | | |
| Red Hat Enterprise Linux 6 | libvncserver | Fixed | RHSA-2014:1826 | 11.11.2014 |
| Red Hat Enterprise Linux 7 | libvncserver | Fixed | RHSA-2014:1826 | 11.11.2014 |
| Red Hat Enterprise Linux 7 | kdenetwork | Fixed | RHSA-2014:1827 | 11.11.2014 |

Additional information

Status: Moderate
Defect: CWE-369
https://bugzilla.redhat.com/show_bug.cgi?id=1144291 libvncserver: server divide-by-zero flaw in scaling factor handling

EPSS

Percentile: 97%
0.43841
Medium

6 Medium

CVSS2

Related vulnerabilities

ubuntu
almost 11 years ago

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

nvd
almost 11 years ago

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

debian
almost 11 years ago

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...

github
about 3 years ago

The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier allows remote attackers to cause a denial of service (divide-by-zero error and server crash) via a zero value in the scaling factor in a (1) PalmVNCSetScaleFactor or (2) SetScale message.

oracle-oval
more than 10 years ago

ELSA-2014-1827: kdenetwork security update (MODERATE)
