Published: 19/02/2018 Updated: 09/08/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An issue exists in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution up to and including 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vncterm project vncterm

Debian Bug report logs - #898453 vncterm: CVE-2018-7226: integer overflow in vcSetXCutTextProc in VNConsolec Package: src:vncterm; Maintainer for src:vncterm is Peter Spiess-Knafl <dev@spiessknaflat>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 11 May 2018 19:54:02 UTC Severity: grave Tags: sec ...

An issue was discovered in vcSetXCutTextProc() in VNConsolec in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0910 Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet ...

CWE-190 https://github.com/LibVNC/vncterm/issues/6 http://openwall.com/lists/oss-security/2018/02/18/2 https://security.gentoo.org/glsa/201908-05 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898453 https://nvd.nist.gov

CVE-2018-7226

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect