Home

CVE-2018-7225

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
4.263

Associated Vulnerability

VulnerabilityOS Platform
vnc server library (USN-3618-1) libvncclient1_0.9.11+dfsg-1ubuntu0.1_i386.debLinux
vnc server library (USN-3618-1) libvncclient1_0.9.11+dfsg-1ubuntu0.1_amd64.debLinux
vnc server library (USN-3618-1) libvncserver1_0.9.11+dfsg-1ubuntu0.1_i386.debLinux
vnc server library (USN-3618-1) libvncserver1_0.9.11+dfsg-1ubuntu0.1_amd64.debLinux
(RHSA-2018:1055) Moderate: libvncserver security update libvncserver-0.9.9-12.el7_5.i686.rpmLinux
(RHSA-2018:1055) Moderate: libvncserver security update libvncserver-0.9.9-12.el7_5.x86_64.rpmLinux
(RHSA-2018:1055) Moderate: libvncserver security update libvncserver-devel-0.9.9-12.el7_5.i686.rpmLinux
(RHSA-2018:1055) Moderate: libvncserver security update libvncserver-devel-0.9.9-12.el7_5.x86_64.rpmLinux
SUSE-SU-2018:0830-1(SUSE Linux Enterprise Server 12-SP2 ) LibVNCServer-debugsource-0.9.9-17.5.1.x86_64.rpmLinux
SUSE-SU-2018:0830-1(SUSE Linux Enterprise Server 12-SP2 ) libvncclient0-0.9.9-17.5.1.x86_64.rpmLinux
SUSE-SU-2018:0830-1(SUSE Linux Enterprise Server 12-SP2 ) libvncclient0-debuginfo-0.9.9-17.5.1.x86_64.rpmLinux
SUSE-SU-2018:0830-1(SUSE Linux Enterprise Server 12-SP2 ) libvncserver0-0.9.9-17.5.1.x86_64.rpmLinux
SUSE-SU-2018:0830-1(SUSE Linux Enterprise Server 12-SP2 ) libvncserver0-debuginfo-0.9.9-17.5.1.x86_64.rpmLinux
SUSE-SU-2018:0875-1(SUSE Linux Enterprise Server 11-SP4 ) LibVNCServer-0.9.1-160.3.1.x86_64.rpmLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-client_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-client_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-master_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) italc-master_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) libitalccore_3.0.3+dfsg1-3ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4547-1) libitalccore_3.0.3+dfsg1-3ubuntu0.1_amd64.debLinux
VNC server for GNOME (USN-4573-1) vino_3.8.1-0ubuntu9.3_i386.debLinux
VNC server for GNOME (USN-4573-1) vino_3.8.1-0ubuntu9.3_amd64.debLinux
VNC server for GNOME (USN-4573-1) vino_3.22.0-3ubuntu1.1_i386.debLinux
VNC server for GNOME (USN-4573-1) vino_3.22.0-3ubuntu1.1_amd64.debLinux
VNC server for GNOME (USN-4573-1) vino_3.22.0-5ubuntu2.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-client_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) italc-master_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_i386.debLinux
didact tool which allows teachers to view and control computer labs (USN-4587-1) libitalccore_2.0.2+dfsg1-4ubuntu0.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234