Project

General

Profile

Bug #8557

Bug #8556: libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c ((CVE-2018-7225)

[3.8] libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c ((CVE-2018-7225)

Added by Alicha CH over 1 year ago. Updated 10 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
02/23/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access
to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

References:

https://github.com/LibVNC/libvncserver/issues/218
http://www.openwall.com/lists/oss-security/2018/02/18/1

History

#1 Updated by Natanael Copa 12 months ago

  • Target version changed from 3.8.0 to 3.8.1

#2 Updated by Natanael Copa 10 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 10 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-7225)

Also available in: Atom PDF