CVE-2011-0905
published 2011-05-10CVE-2011-0905: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2…
PriorityP412low3.5CVSS 2.0
AVNACMAuSCNINAP
EPSS
1.50%
71.0th percentile
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
| david_king | vino | — | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:N/A:P
osv3.5LOW
vendor_debian3.5LOW
vendor_redhat3.5LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-fx9f-m844-h4j5: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
ghsa_unreviewed·2022-05-17
CVE-2011-0905 [LOW] CWE-119 GHSA-fx9f-m844-h4j5: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
OSV
CVE-2011-0905: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
osv·2011-05-10·CVSS 3.5
CVE-2011-0905 [LOW] CVE-2011-0905: The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Ubuntu
Vino vulnerabilities
vendor_ubuntu·2011-05-02
CVE-2011-0904 Vino vulnerabilities
Title: Vino vulnerabilities
Summary: An attacker could send crafted input to Vino and cause it to crash.
Kevin Chen discovered that Vino incorrectly handled certain client
framebuffer requests. A remote attacker could use this flaw to cause Vino
to crash, leading to a denial of service.
Instructions: After a standard system update you need to restart your session to make
all the necessary changes.
Red Hat
vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
vendor_redhat·2011-05-02·CVSS 3.5
CVE-2011-0905 [LOW] CWE-125 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Package: kdenetwork (Red Hat Enterprise Linux 4) - Will not fix
Package: vino (Red Hat Enterprise Linux 4) - Will not fix
Package: kdenetwork (Red Hat Enterprise Linux 5) - Will not fix
Package: vino (Red Hat Enterprise Linux 5) - Will not fix
Package: kdenetwork (Red Hat Enterprise Linux 6) - Not aff
Debian
CVE-2011-0905: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...
vendor_debian·2011·CVSS 3.5
CVE-2011-0905 [LOW] CVE-2011-0905: libvncserver - The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino...
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
bugzilla·2011-05-03·CVSS 3.5
CVE-2011-0904 [LOW] CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
CVE-2011-0904 CVE-2011-0905 vino various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=694455
Please note: this issue affects multiple supported vers
Bugzilla
CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
bugzilla·2011-04-07·CVSS 3.5
CVE-2011-0905 [LOW] CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requests
An out of bounds read flaw was found in the way vino, remote desktop
system for GNOME processed certain framebuffer update requests from
VNC client, when tight encoding was used. An attacker could use this
flaw to send a specially-crafted request to vino, causing it to crash.
Upstream bug report:
[1] https://bugzilla.gnome.org/show_bug.cgi?id=641803 (not public yet)
[2] https://bugzilla.gnome.org/show_bug.cgi?id=641802
(dedicated to CVE-2011-0904 issue)
Relevant upstream commits (for gnome-2-28, gnome-2-30, gnome-2-32,
gnome-3-0 and master branches):
[2]
http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
[3]
http://git.gnome.org/browse/vi
http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.newshttp://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522fhttp://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8ahttp://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975dhttp://git.gnome.org/browse/vino/log/?h=gnome-2-30http://git.gnome.org/browse/vino/tree/NEWShttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0169.htmlhttp://secunia.com/advisories/44410http://secunia.com/advisories/44463http://www.debian.org/security/2011/dsa-2238http://www.mandriva.com/security/advisories?name=MDVSA-2011:087http://www.securityfocus.com/bid/47681http://www.ubuntu.com/usn/usn-1128-1/http://www.vupen.com/english/advisories/2011/1144https://bugzilla.gnome.org/show_bug.cgi?id=641803https://bugzilla.redhat.com/show_bug.cgi?id=694456https://exchange.xforce.ibmcloud.com/vulnerabilities/67244http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.newshttp://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.newshttp://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522fhttp://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8ahttp://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975dhttp://git.gnome.org/browse/vino/log/?h=gnome-2-30http://git.gnome.org/browse/vino/tree/NEWShttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0169.htmlhttp://secunia.com/advisories/44410http://secunia.com/advisories/44463http://www.debian.org/security/2011/dsa-2238http://www.mandriva.com/security/advisories?name=MDVSA-2011:087http://www.securityfocus.com/bid/47681http://www.ubuntu.com/usn/usn-1128-1/http://www.vupen.com/english/advisories/2011/1144https://bugzilla.gnome.org/show_bug.cgi?id=641803https://bugzilla.redhat.com/show_bug.cgi?id=694456https://exchange.xforce.ibmcloud.com/vulnerabilities/67244
2011-05-10
Published