An issue exists in LibVNCServer up to and including 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
libvncserver project libvncserver |
||
debian debian linux 7.0 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 17.10 |
||
redhat enterprise linux server aus 7.6 |
||
redhat enterprise linux server eus 7.5 |
||
redhat enterprise linux server eus 7.6 |
||
redhat enterprise linux server tus 7.6 |
||
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux server 7.0 |
||
redhat enterprise linux workstation 7.0 |