CVE-2018-7225

HIGH

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
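The kind of length sanitization the description says is missing, shown as an added example (not LibVNCServer's code or its actual patch): a stand-alone C parser for the RFB ClientCutText message, the message whose length field `msg.cct.length` holds, that bounds the wire length before allocating or copying. The function name, status codes and the 1 MiB cap are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy cap for this example; not a value taken from the advisory. */
#define MAX_CUT_TEXT_LEN (1u << 20)

enum cut_status { CUT_OK = 0, CUT_MALFORMED = -1, CUT_TOO_LARGE = -2,
                  CUT_TRUNCATED = -3, CUT_NOMEM = -4 };

/*
 * Parse one RFB ClientCutText message from buf[0..buf_len).
 * Wire layout: type (1 byte, value 6), padding (3 bytes),
 * length (4 bytes, big-endian, unsigned), then `length` bytes of text.
 * On CUT_OK, *out is a NUL-terminated heap copy the caller must free.
 */
int parse_client_cut_text(const uint8_t *buf, size_t buf_len,
                          char **out, uint32_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < 8 || buf[0] != 6)
        return CUT_MALFORMED;

    /* Decode as unsigned so 0x80000000 and above never turn negative. */
    uint32_t len = ((uint32_t)buf[4] << 24) | ((uint32_t)buf[5] << 16) |
                   ((uint32_t)buf[6] << 8)  |  (uint32_t)buf[7];

    /* Bound the untrusted length before any arithmetic or allocation. */
    if (len > MAX_CUT_TEXT_LEN)
        return CUT_TOO_LARGE;
    /* Never copy more bytes than the peer actually sent. */
    if ((size_t)len > buf_len - 8)
        return CUT_TRUNCATED;

    /* len + 1 cannot wrap because len <= MAX_CUT_TEXT_LEN; calloc zero-fills. */
    char *text = calloc((size_t)len + 1, 1);
    if (text == NULL)
        return CUT_NOMEM;
    memcpy(text, buf + 8, len);
    *out = text;
    *out_len = len;
    return CUT_OK;
}
```

Because the buffer is zero-filled and the copy is limited to bytes actually received, a rejected or short message never exposes stale heap contents to later consumers of the cut text.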

References

http://www.openwall.com/lists/oss-security/2018/02/18/1

http://www.securityfocus.com/bid/103107

https://access.redhat.com/errata/RHSA-2018:1055

https://github.com/LibVNC/libvncserver/issues/218

https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html

https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html

https://security.gentoo.org/glsa/201908-05

https://usn.ubuntu.com/3618-1/

https://www.debian.org/security/2018/dsa-4221

Details

Source: MITRE

Published: 2018-02-19

Updated: 2019-08-09

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL