CVE-2017-18922

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-18922
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18922.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-18922
Published
2020-06-30T11:15:10Z
Modified
2025-10-10T01:05:14.041203Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

Affected packages

Git / github.com/libvnc/libvncserver

Affected ranges

Type
GIT
Repo
https://github.com/libvnc/libvncserver
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10
LibVNCServer-0.9.11
LibVNCServer-0.9.8
LibVNCServer-0.9.9

Other

X11VNC_0_9_10
X11VNC_0_9_11
X11VNC_0_9_12
X11VNC_0_9_7
X11VNC_0_9_8
X11VNC_0_9_9
X11VNC_REL_0_9_4
X11VNC_REL_0_9_5
X11VNC_REL_0_9_6

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 176.0,
                "function_hash": "4192862848267438214439110634635588072"
            },
            "target": {
                "function": "webSocketsHasDataInBuffer",
                "file": "libvncserver/websockets.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2017-18922-360ab9dc",
            "source": "https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433",
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "libvncserver/websockets.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2017-18922-3e8fdbb3",
            "source": "https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433",
            "deprecated": false
        }
    ]
}