CVE-2011-0905Improper Restriction of Operations within the Bounds of a Memory Buffer in King Vino

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read9 documents8 sources
Severity
3.5LOWNVD
EPSS
1.2%
top 20.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
David King Vino
Timeline
PublishedMay 10
Latest updateMay 17

Description

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

Debiandavid_king/vino< 2.28.2-3+1
NVDdavid_king/vino61 versions+60

Patches

Patch: git.gnome.orgPatch: git.gnome.orgPatch: git.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-fx9f-m844-h4j5: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2022-05-17
OSV
CVE-2011-0905: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2011-05-10
CVEList
CVE-2011-0905: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver2011-05-10

📋Vendor Advisories

3
Ubuntu
Vino vulnerabilities2011-05-02
Red Hat
vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests2011-05-02
Debian
CVE-2011-0905: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...2011

💬Community

2
Bugzilla
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]2011-05-03
Bugzilla
CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests2011-04-07
CVE-2011-0905 — David King Vino vulnerability | cvebase