CVE-2017-18922: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

Affected

23 ranges

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	libvncserver	< libvncserver 0.9.12+dfsg-3 (bookworm)	libvncserver 0.9.12+dfsg-3 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
libvncserver_project	libvncserver	< 0.9.12	0.9.12
libvncserver_project	libvncserver	>= 0 < 0.9.12+dfsg-3	0.9.12+dfsg-3
libvncserver_project	libvncserver	>= 0 < 0.9.12+dfsg-3	0.9.12+dfsg-3
libvncserver_project	libvncserver	>= 0 < 0.9.12+dfsg-3	0.9.12+dfsg-3
libvncserver_project	libvncserver	>= 0 < 0.9.12+dfsg-3	0.9.12+dfsg-3
libvncserver_project	libvncserver	>= 0 < 0.9.10+dfsg-3ubuntu0.16.04.4	0.9.10+dfsg-3ubuntu0.16.04.4
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1ubuntu1.2	0.9.11+dfsg-1ubuntu1.2
libvncserver_project	libvncserver	>= 0 < 0.9.12+dfsg-9ubuntu0.1	0.9.12+dfsg-9ubuntu0.1
opensuse	leap	—	—
opensuse	leap	—	—
siemens	simatic_itc1500_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1500_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1900_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc1900_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc2200_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0
siemens	simatic_itc2200_pro_firmware	>= 3.0.0.0 < 3.2.1.0	3.2.1.0

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL