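It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. An attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. Because the affected versions are those prior to 0.9.12, servers that accept WebSocket connections from untrusted clients should run 0.9.12 or later. The signature entries below reference the upstream commit listed in their "source" field and target libvncserver/websockets.c.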
[
{
"id": "CVE-2017-18922-360ab9dc",
"source": "https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "webSocketsHasDataInBuffer",
"file": "libvncserver/websockets.c"
},
"digest": {
"function_hash": "4192862848267438214439110634635588072",
"length": 176.0
},
"signature_type": "Function"
},
{
"id": "CVE-2017-18922-3e8fdbb3",
"source": "https://github.com/libvnc/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "libvncserver/websockets.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"173922260186055865354518737391703052097",
"56821898895295059503218561357863637983",
"23150486626601339915975386036337767618",
"250935221023354333397901044748689126272",
"109606343078991272650653667151107372763",
"289521193823769270065434020324679201609",
"173740662693801268810258547625693334727",
"146560340165124546123548984395693986979",
"70954108957601406040619836564374656407",
"21775490849614507554389094883504761729",
"122629726779578731919219957315011675175",
"146977434631966694475315870420205905164",
"105100512502605653640058379360416856162",
"108652978449686226688408591875141645911",
"189183789737069855263254052726387835113",
"270005102536000728315668738260265941459",
"180447315146766776763476947122114091677",
"130633486538389057262455421995932877164",
"280864155617036729202580722094736783181",
"251610483970200236584144496953601754347",
"108517556028570942643485120908283931040",
"101739793374663095437251289592436095620",
"224695484649912521201945250608395839106",
"262056766955362739518371422636401475379",
"111664464406336527749841572994536811983",
"206774810066470802542005711855109539444",
"264870122303068250665068750004738040197",
"291407033110245756956263798605748961149",
"234655223453218491714399636205616140418",
"331649873892727651118162285839882565001",
"275766414100203432152573878129104465814",
"202975367429414418615956081121090996439",
"304426057205595101960571572028905347962",
"224610252634520782893748673129281658784",
"14632853704757352577589889303915444957",
"212054460075401421581259734612332362531",
"262404967334289600304429863264306333674",
"20788620276425261753274919033926600534",
"209039522799073731493972586235473470576",
"279617183330223968553606308542149361113",
"286409474413629544083911978874311880974",
"146004504798406985420657107168848865607",
"224454959680507458901286538662365409682",
"6104720095649175101591403456792195108",
"128895514668553947824310718387289737566",
"143921743834589988548869215710155949077"
]
},
"signature_type": "Line"
}
]