CVE-2017-7393

Опубликовано: 27 мар. 2017

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	tigervnc	Not affected
Red Hat Enterprise Linux 7	fltk	Fixed	RHSA-2017:2000	01.08.2017
Red Hat Enterprise Linux 7	tigervnc	Fixed	RHSA-2017:2000	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-416

https://bugzilla.redhat.com/show_bug.cgi?id=1438697tigervnc: Double free via crafted fences

EPSS

Процентиль: 81%

0.0152

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-7393

CVSS3: 8.8

ubuntu

больше 8 лет назад

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CVE-2017-7393

CVSS3: 8.8

nvd

больше 8 лет назад

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

CVE-2017-7393

CVSS3: 8.8

debian

больше 8 лет назад

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an a ...

GHSA-6qmp-qcvf-x3pr

CVSS3: 8.8

github

больше 3 лет назад

In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.

openSUSE-SU-2017:1028-1

suse-cvrf

больше 8 лет назад

Security update for tigervnc

EPSS

Процентиль: 81%

0.0152

Низкий

6.5 Medium

CVSS3