BDU:2018-01493

Уязвимость функции rfbProcessClientNormalMessage() кроссплатформенной библиотеки LibVNCServer, позволяющая нарушителю вызвать отказ в обслуживании и получить несанкционированный доступ к конфиденциальным данным

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2018-7225

Published: 2018-02-19
Modified: 2024-11-21

CVE-2018-7225

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package libvncserver update in sisyphus on 2019-08-27

ALT-PU-2019-2544-1

Closed vulnerabilities

BDU:2018-01493

CVE-2018-7225