Published: 01/04/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tigervnc tigervnc 1.7.1

Debian Bug report logs - #859259 tigervnc: CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 Package: src:tigervnc; Maintainer for src:tigervnc is TigerVNC Packaging Team <pkg-tigervnc-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 1 Apr 2017 10:21 ...

Buffer overflow in ModifiablePixelBuffer::fillRectA buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service (CVE-2017-5581) VNC server can crash when TLS handshake terminates early:A denial of service fla ...

CWE-772 https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0 https://github.com/TigerVNC/tigervnc/pull/436 http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://security.gentoo.org/glsa/201801-13 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859259 https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-879.html

CVE-2017-7396

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect