CVE-2011-0904
published 2011-05-10CVE-2011-0904: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2…
PriorityP414low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
2.30%
81.2th percentile
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Affected
75 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW
vendor_debian3.5LOW
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Vino vulnerabilities
vendor_ubuntu·2011-05-02
CVE-2011-0904 Vino vulnerabilities
Title: Vino vulnerabilities
Summary: An attacker could send crafted input to Vino and cause it to crash.
Kevin Chen discovered that Vino incorrectly handled certain client
framebuffer requests. A remote attacker could use this flaw to cause Vino
to crash, leading to a denial of service.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
vendor_redhat·2011-05-02·CVSS 3.5
CVE-2011-0904 [LOW] CWE-125 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Package: kdenetwork (Red Hat Enterprise Linux 4) - Will not fix
Package: vino (Red Hat Enterprise Linux 4) - Will not fix
Package: kdenetwork (Red Hat Enterprise Linux 5) - Will not fix
Package: vino (Red Hat E
Debian
CVE-2011-0904: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...
vendor_debian·2011·CVSS 3.5
CVE-2011-0904 [LOW] CVE-2011-0904: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-5c7f-3fp9-p3v4: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
ghsa_unreviewed·2022-05-17
CVE-2011-0904 [LOW] CWE-119 GHSA-5c7f-3fp9-p3v4: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
OSV
CVE-2011-0904: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
osv·2011-05-10·CVSS 3.5
CVE-2011-0904 [LOW] CVE-2011-0904: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
No detection rules found.
Bugzilla
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
bugzilla·2011-05-03·CVSS 3.5
CVE-2011-0904 [LOW] CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=694455
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
bugzilla·2011-04-07·CVSS 3.5
CVE-2011-0904 [LOW] CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
CVE-2011-0904 vino: Out of bounds read flaw by processing certain client raw encoding framebuffer update requests
An out of bounds read flaw was found in the way vino, remote desktop
system for GNOME processed certain framebuffer update requests from
VNC client, when raw encoding was used. An attacker could use this
flaw to send a specially-crafted request to vino, causing it to crash.
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=641802
Relevant upstream commits (for gnome-2-28, gnome-2-30, gnome-2-32,
gnome-3-0 and master branches):
[2] http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
[3] http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0
[4] http://git.gnome.org/browse/vino/commit/?id=e17bd4e
Bugzilla
CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
bugzilla·2011-04-07·CVSS 3.5
CVE-2011-0905 [LOW] CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
An out of bounds read flaw was found in the way vino, remote desktop
system for GNOME processed certain framebuffer update requests from
VNC client, when tight encoding was used. An attacker could use this
flaw to send a specially-crafted request to vino, causing it to crash.
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=641803 (not public yet)
[2] https://bugzilla.gnome.org/show_bug.cgi?id=641802
(dedicated to CVE-2011-0904 issue)
Relevant upstream commits (for gnome-2-28, gnome-2-30, gnome-2-32,
gnome-3-0 and master branches):
[2]
http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
[3]
http://git.gnome.org/browse/vi
http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.newshttp://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522fhttp://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8ahttp://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975dhttp://git.gnome.org/browse/vino/log/?h=gnome-2-30http://git.gnome.org/browse/vino/tree/NEWShttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0169.htmlhttp://secunia.com/advisories/44410http://secunia.com/advisories/44463http://www.debian.org/security/2011/dsa-2238http://www.mandriva.com/security/advisories?name=MDVSA-2011:087http://www.securityfocus.com/bid/47681http://www.ubuntu.com/usn/usn-1128-1/http://www.vupen.com/english/advisories/2011/1144https://bugzilla.gnome.org/show_bug.cgi?id=641802https://bugzilla.redhat.com/show_bug.cgi?id=694455https://exchange.xforce.ibmcloud.com/vulnerabilities/67243http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.newshttp://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522fhttp://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8ahttp://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975dhttp://git.gnome.org/browse/vino/log/?h=gnome-2-30http://git.gnome.org/browse/vino/tree/NEWShttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0169.htmlhttp://secunia.com/advisories/44410http://secunia.com/advisories/44463http://www.debian.org/security/2011/dsa-2238http://www.mandriva.com/security/advisories?name=MDVSA-2011:087http://www.securityfocus.com/bid/47681http://www.ubuntu.com/usn/usn-1128-1/http://www.vupen.com/english/advisories/2011/1144https://bugzilla.gnome.org/show_bug.cgi?id=641802https://bugzilla.redhat.com/show_bug.cgi?id=694455https://exchange.xforce.ibmcloud.com/vulnerabilities/67243
2011-05-10
Published