CVE-2017-7395

Опубликовано: 27 мар. 2017

Источник: redhat

CVSS3: 6.5

Описание

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	tigervnc	Affected
Red Hat Enterprise Linux 7	fltk	Fixed	RHSA-2017:2000	01.08.2017
Red Hat Enterprise Linux 7	tigervnc	Fixed	RHSA-2017:2000	01.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-190

https://bugzilla.redhat.com/show_bug.cgi?id=1438701tigervnc: Integer overflow in SMsgReader::readClientCutText

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2017-7395

CVSS3: 6.5

ubuntu

больше 8 лет назад

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

CVE-2017-7395

CVSS3: 6.5

nvd

больше 8 лет назад

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

CVE-2017-7395

CVSS3: 6.5

debian

больше 8 лет назад

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by c ...

GHSA-mmcm-g586-7f43

CVSS3: 6.5

github

больше 3 лет назад

In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.

openSUSE-SU-2017:1028-1

suse-cvrf

больше 8 лет назад

Security update for tigervnc

6.5 Medium

CVSS3