CVE-2018-7225

HIGH

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

References

http://www.openwall.com/lists/oss-security/2018/02/18/1

http://www.securityfocus.com/bid/103107

https://access.redhat.com/errata/RHSA-2018:1055

https://github.com/LibVNC/libvncserver/issues/218

https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

https://security.gentoo.org/glsa/201908-05

https://usn.ubuntu.com/3618-1/

https://www.debian.org/security/2018/dsa-4221

Details

Source: MITRE

Published: 2018-02-19

Updated: 2019-08-09

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

ID	Name	Product	Family	Severity
131432	Debian DLA-2014-1 : vino security update	Nessus	Debian Local Security Checks	high
130408	Debian DLA-1979-1 : italc security update	Nessus	Debian Local Security Checks	high
127563	GLSA-201908-05 : LibVNCServer: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
127237	NewStart CGSL CORE 5.04 / MAIN 5.04 : libvncserver Multiple Vulnerabilities (NS-SA-2019-0052)	Nessus	NewStart CGSL Local Security Checks	high
120355	Fedora 28 : libvncserver (2018-390001d1c7)	Nessus	Fedora Local Security Checks	high
110828	EulerOS 2.0 SP3 : libvncserver (EulerOS-SA-2018-1176)	Nessus	Huawei Local Security Checks	high
110420	Debian DSA-4221-1 : libvncserver - security update	Nessus	Debian Local Security Checks	high
110235	CentOS 7 : libvncserver (CESA-2018:1055)	Nessus	CentOS Local Security Checks	high
110143	EulerOS 2.0 SP1 : libvncserver (EulerOS-SA-2018-1139)	Nessus	Huawei Local Security Checks	high
109691	Amazon Linux 2 : libvncserver (ALAS-2018-1012)	Nessus	Amazon Linux Local Security Checks	high
109451	Scientific Linux Security Update : libvncserver on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
109153	Oracle Linux 7 : libvncserver (ELSA-2018-1055)	Nessus	Oracle Linux Local Security Checks	high
108994	RHEL 7 : libvncserver (RHSA-2018:1055)	Nessus	Red Hat Local Security Checks	high
108872	SUSE SLES11 Security Update : LibVNCServer (SUSE-SU-2018:0875-1)	Nessus	SuSE Local Security Checks	high
108841	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : libvncserver vulnerability (USN-3618-1)	Nessus	Ubuntu Local Security Checks	high
108818	Fedora 26 : libvncserver (2018-43541091ab)	Nessus	Fedora Local Security Checks	high
108766	Debian DLA-1332-1 : libvncserver security update	Nessus	Debian Local Security Checks	high
108743	openSUSE Security Update : LibVNCServer (openSUSE-2018-326)	Nessus	SuSE Local Security Checks	high
108685	SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2018:0830-1)	Nessus	SuSE Local Security Checks	high
108669	Fedora 27 : libvncserver (2018-4897772a43)	Nessus	Fedora Local Security Checks	high