CVE-2017-7394

Опубликовано: 29 мар. 2017

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	tigervnc	Affected
Red Hat Enterprise Linux 7	fltk	Fixed	RHSA-2017:2000	01.08.2017
Red Hat Enterprise Linux 7	tigervnc	Fixed	RHSA-2017:2000	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1438700tigervnc: Server crash via long usernames

EPSS

Процентиль: 86%

0.02813

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2017-7394

CVSS3: 7.5

ubuntu

больше 8 лет назад

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

CVE-2017-7394

CVSS3: 7.5

nvd

больше 8 лет назад

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

CVE-2017-7394

CVSS3: 7.5

debian

больше 8 лет назад

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), una ...

GHSA-p2f4-v5gm-9wqj

CVSS3: 7.5

github

больше 3 лет назад

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

openSUSE-SU-2017:1028-1

suse-cvrf

больше 8 лет назад

Security update for tigervnc

EPSS

Процентиль: 86%

0.02813

Низкий

7.5 High

CVSS3