CVE-2018-7225

CVE-2018-7225

Name

CVE-2018-7225

Description

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Third Party Advisory	https://github.com/LibVNC/libvncserver/issues/218
Exploit	http://www.openwall.com/lists/oss-security/2018/02/18/1
Third Party Advisory	http://www.securityfocus.com/bid/103107
Mailing List	https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html
Third Party Advisory	https://usn.ubuntu.com/3618-1/
Third Party Advisory	https://access.redhat.com/errata/RHSA-2018:1055
Third Party Advisory	https://www.debian.org/security/2018/dsa-4221
GENTOO	https://security.gentoo.org/glsa/201908-05
MLIST	https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html
MLIST	https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html
MLIST	https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
UBUNTU	https://usn.ubuntu.com/4547-1/
UBUNTU	https://usn.ubuntu.com/4573-1/
UBUNTU	https://usn.ubuntu.com/4587-1/

Type

URI

Third Party Advisory

https://github.com/LibVNC/libvncserver/issues/218

Exploit

http://www.openwall.com/lists/oss-security/2018/02/18/1

Third Party Advisory

http://www.securityfocus.com/bid/103107

Mailing List

https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html

Third Party Advisory

https://usn.ubuntu.com/3618-1/