CVE-2018-7225: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
david_king	vino	>= 0 < 3.22.0-6	3.22.0-6
david_king	vino	>= 0 < 3.22.0-6	3.22.0-6
david_king	vino	>= 0 < 3.8.1-0ubuntu9.3	3.8.1-0ubuntu9.3
david_king	vino	>= 0 < 3.22.0-3ubuntu1.1	3.22.0-3ubuntu1.1
david_king	vino	>= 0 < 3.22.0-5ubuntu2.1	3.22.0-5ubuntu2.1
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libvncserver	< libvncserver 0.9.11+dfsg-1.1 (bookworm)	libvncserver 0.9.11+dfsg-1.1 (bookworm)
debian	tightvnc	< libvncserver 0.9.11+dfsg-1.1 (bookworm)	libvncserver 0.9.11+dfsg-1.1 (bookworm)
debian	vino	< libvncserver 0.9.11+dfsg-1.1 (bookworm)	libvncserver 0.9.11+dfsg-1.1 (bookworm)
libvncserver_project	libvncserver	<= 0.9.11	—
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.1	0.9.11+dfsg-1.1
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.1	0.9.11+dfsg-1.1
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.1	0.9.11+dfsg-1.1
libvncserver_project	libvncserver	>= 0 < 0.9.11+dfsg-1.1	0.9.11+dfsg-1.1
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_eus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL