CVE-2018-7225

Published: 19/02/2018 Updated: 23/10/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in LibVNCServer up to and including 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Vulnerable Product

libvncserver project libvncserver

debian debian linux 7.0

debian debian linux 9.0

debian debian linux 8.0

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 17.10

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux workstation 7.0

Vendor Advisories

Synopsis: Moderate: libvncserver security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libvncserver is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base ...
Debian Bug report logs - #894045 libvncserver: CVE-2018-7225. Package: src:libvncserver; Maintainer for src:libvncserver is Peter Spiess-Knafl <dev@spiessknafl.at>; Reported by: Salvatore Bonaccorso <carnil@debian.org>. Date: Sun, 25 Mar 2018 19:18:02 UTC. Severity: grave. Tags: fixed-upstream, patch, security, upstream ...
LibVNCServer could be made to crash, expose sensitive information, or run programs if it received specially crafted network traffic ...
Alexander Peslyak discovered that insufficient input sanitising of RFB packets in LibVNCServer could result in the disclosure of memory contents. For the oldstable distribution (jessie), this problem has been fixed in version 0.9.9+dfsg2-6.1+deb8u3. For the stable distribution (stretch), this problem has been fixed in version 0.9.11+dfsg-1+deb9u1 ...
Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via spe ...
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets ...