CVE-2016-10207: Improper Restriction of Operations within the Bounds of a Memory Buffer in TigerVNC

Severity: 7.5 HIGH (NVD)
EPSS: 1.7% (top 17.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 28; latest update May 14

Description

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

debian: debian/tigervnc < tigervnc 1.7.0-1 (bookworm)
Debian: tigervnc/tigervnc < 1.7.0-1 (+3)
NVD: tigervnc/tigervnc, 8 versions (+7)
NVD: opensuse/leap 42.1, 42.2 (+1)

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-xv2c-qf7g-w8gj: The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake earl (2022-05-14)
OSV: CVE-2016-10207: The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake earl (2017-02-28)

📋 Vendor Advisories (2)

Red Hat: tigervnc: VNC server can crash when TLS handshake terminates early (2016-08-23)
Debian: CVE-2016-10207: tigervnc - The Xvnc server in TigerVNC allows remote attackers to cause a denial of service... (2016)

💬 Community (2)

Bugzilla: CVE-2016-10207 tigervnc: VNC server can crash when TLS handshake terminates early (2017-02-02)
Bugzilla: CVE-2016-10207 CVE-2017-5581 tigervnc: various flaws [fedora-all] (2017-01-23)