CVE-2018-7225

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-7225

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7225.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-7225

Related

Published

2018-02-19T15:29:00Z

Modified

2024-09-18T03:00:00.830979Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.

References

Affected packages

Alpine:v3.10 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r2

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

Alpine:v3.11 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r2

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

Alpine:v3.5 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r1

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.10-r2

0.9.11-r0

Alpine:v3.6 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r1

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

Alpine:v3.7 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r2

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

Alpine:v3.8 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r2

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

Alpine:v3.9 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r2

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

Debian:11 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libvnc/libvncserver

Affected ranges

Type: GIT
Repo: https://github.com/libvnc/libvncserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8415ff4c3517c6697d53e1a17bba35284f480891

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10

LibVNCServer-0.9.11

LibVNCServer-0.9.8

LibVNCServer-0.9.9

Other

X11VNC_0_9_10

X11VNC_0_9_11

X11VNC_0_9_12

X11VNC_0_9_7

X11VNC_0_9_8

X11VNC_0_9_9

X11VNC_REL_0_9_4

X11VNC_REL_0_9_5

X11VNC_REL_0_9_6