CVE-2011-0904Improper Restriction of Operations within the Bounds of a Memory Buffer in King Vino

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read11 documents9 sources
Severity
3.5LOWNVD
EPSS
0.7%
top 28.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
David King Vino
Timeline
PublishedMay 10
Latest updateMay 17

Description

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

Debiandavid_king/vino< 2.28.2-3+1
NVDdavid_king/vino71 versions+70

Patches

Patch: git.gnome.orgPatch: git.gnome.orgPatch: git.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-5c7f-3fp9-p3v4: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2022-05-17
CVEList
CVE-2011-0904: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2011-05-10
OSV
CVE-2011-0904: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2011-05-10

💥Exploits & PoCs

1
Exploit-DB
Oracle Secure Backup - Authentication Bypass/Command Injection (Metasploit)2011-08-19

📋Vendor Advisories

3
Ubuntu
Vino vulnerabilities2011-05-02
Red Hat
vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests2011-05-02
Debian
CVE-2011-0904: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...2011

💬Community

2
Bugzilla
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]2011-05-03
Bugzilla
CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests2011-04-07
CVE-2011-0904 — David King Vino vulnerability | cvebase