CVE-2017-7392Missing Release of Resource after Effective Lifetime in Tigervnc

CWE-772Missing Release of Resource after Effective Lifetime7 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 37.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
TigervncDebian Tigervnc
Timeline
PublishedApr 1
Latest updateMay 13

Description

In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/tigervnc< tigervnc 1.7.0+dfsg-7 (bookworm)
Debiantigervnc/tigervnc< 1.7.0+dfsg-7+3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-24jm-j25m-87p2: In TigerVNC 12022-05-13
OSV
CVE-2017-7392: In TigerVNC 12017-04-01

📋Vendor Advisories

2
Red Hat
tigervnc: SSecurityVeNCrypt memory leak2017-03-29
Debian
CVE-2017-7392: tigervnc - In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx SSecurityVeNCrypt::SSecurityVeNCrypt), ...2017

💬Community

2
Bugzilla
CVE-2017-7392 CVE-2017-7393 CVE-2017-7394 CVE-2017-7395 CVE-2017-7396 tigervnc: various flaws [fedora-all]2017-04-04
Bugzilla
CVE-2017-7392 tigervnc: SSecurityVeNCrypt memory leak2017-04-04
CVE-2017-7392 — Debian Tigervnc vulnerability | cvebase