Published: 30/06/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

It exists that websockets.c in LibVNCServer before 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libvncserver project libvncserver
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.10
canonical ubuntu linux 20.04
opensuse leap 15.1
opensuse leap 15.2
fedoraproject fedora 31
fedoraproject fedora 32
siemens simatic_itc1500_firmware
siemens simatic_itc1500_pro_firmware
siemens simatic_itc1900_firmware
siemens simatic_itc1900_pro_firmware
siemens simatic_itc2200_firmware
siemens simatic_itc2200_pro_firmware

Synopsis Important: libvncserver security update Type / Sévérité Security Advisory: Important Sujet An update for libvncserver is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CV ...

Synopsis Important: libvncserver security update Type/Severity Security Advisory: Important Topic An update for libvncserver is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common V ...

Synopsis Important: libvncserver security update Type/Severity Security Advisory: Important Topic An update for libvncserver is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: libvncserver security update Type/Severity Security Advisory: Important Topic An update for libvncserver is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...

Critical Infrastructure Sectors: Chemical, Critical Manufacturing, Energy, Food and Agriculture, Water and Wastewater Systems

oss-sec mailing list archives   By Date By Thread </form>    Re: libvncserver: old websocket decoding patch   From: Stefan Cornelius & ...

CWE-787 https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433 https://www.openwall.com/lists/oss-security/2020/06/30/2 https://bugzilla.redhat.com/show_bug.cgi?id=1852356 http://www.openwall.com/lists/oss-security/2020/06/30/3 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html https://usn.ubuntu.com/4407-1/http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2020:3281 https://www.cisa.gov/uscert/ics/advisories/icsa-21-350-12

CVE-2017-18922

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

ICS Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect