FS#57570 - [libvncserver] CVE-2018-7225
Attached to Project: Arch Linux
Opened by Karol Babioch (kbabioch) - Monday, 19 February 2018, 15:52 GMT
Last edited by Jan de Groot (JGC) - Tuesday, 05 November 2019, 11:16 GMT
Details
An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not
sanitize msg.cct.length, leading to access to uninitialized
and potentially sensitive data or possibly unspecified other
impact (e.g., an integer overflow) via specially crafted VNC
packets.
Closed by Jan de Groot (JGC)
Tuesday, 05 November 2019, 11:16 GMT
Reason for closing: Fixed
Additional comments about closing: 0.9.12
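
An illustration of the kind of check the Details above say is missing, added here as an example; it is not LibVNCServer's code or its actual fix. It parses an RFB ClientCutText message (the message behind msg.cct) from a buffer and validates the length field before using it. The function name, the status enum and the 1 MiB MAX_CUT_TEXT cap are assumptions for illustration, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RFB_CLIENT_CUT_TEXT 6   /* RFB message type for ClientCutText */
#define MAX_CUT_TEXT (1u << 20) /* assumed 1 MiB policy cap, not a value from the page */

enum cut_status { CUT_OK, CUT_WRONG_TYPE, CUT_TRUNCATED, CUT_TOO_LARGE, CUT_NO_MEMORY };

/* Wire layout: type(1) padding(3) length(4, big-endian) text(length).
 * On CUT_OK, *text is a NUL-terminated heap copy that the caller frees. */
enum cut_status parse_client_cut_text(const uint8_t *buf, size_t buf_len,
                                      char **text, size_t *text_len)
{
    *text = NULL;
    *text_len = 0;
    if (buf_len < 8)
        return CUT_TRUNCATED;
    if (buf[0] != RFB_CLIENT_CUT_TEXT)
        return CUT_WRONG_TYPE;
    /* Build the length byte by byte: no alignment or host-endianness assumptions. */
    uint32_t len = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                   ((uint32_t)buf[6] << 8) | (uint32_t)buf[7];
    /* Reject oversized claims before any allocation or arithmetic uses len. */
    if (len > MAX_CUT_TEXT)
        return CUT_TOO_LARGE;
    /* The claimed length must be covered by bytes that were actually received. */
    if (len > buf_len - 8)
        return CUT_TRUNCATED;
    /* calloc zero-fills, so the caller never sees uninitialized heap bytes. */
    char *copy = calloc((size_t)len + 1, 1);
    if (copy == NULL)
        return CUT_NO_MEMORY;
    memcpy(copy, buf + 8, len);
    *text = copy;
    *text_len = len;
    return CUT_OK;
}

int main(void)
{
    /* Constructed sample: header claims 0xFFFFFFFF bytes but carries none. */
    const uint8_t huge[] = {6, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF};
    char *text;
    size_t n;
    printf("status=%d\n", parse_client_cut_text(huge, sizeof huge, &text, &n));
    return 0;
}
```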