UBUNTU-CVE-2018-7225
- Source
- https://ubuntu.com/security/CVE-2018-7225
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-7225.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-7225
- Related
- Published
- 2018-02-19T00:00:00Z
- Modified
- 2024-10-15T14:06:43Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
- References
-
- https://ubuntu.com/security/CVE-2018-7225
- http://www.openwall.com/lists/oss-security/2018/02/18/1
- https://ubuntu.com/security/notices/USN-3618-1
- https://ubuntu.com/security/notices/USN-4547-1
- https://ubuntu.com/security/notices/USN-4573-1
- https://ubuntu.com/security/notices/USN-4587-1
- https://www.cve.org/CVERecord?id=CVE-2018-7225
Affected packages
Ubuntu:14.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver?arch=src?distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.9+dfsg-1ubuntu1.3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver-config-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver-dev-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver0"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver0-dbg"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "libvncserver0-dbgsym"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "linuxvnc"
},
{
"binary_version": "0.9.9+dfsg-1ubuntu1.3",
"binary_name": "linuxvnc-dbgsym"
}
]
}
Ubuntu:Pro:14.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.3.9-6.5+deb8u1build0.14.04.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "tightvncserver-dbgsym"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer"
},
{
"binary_version": "1.3.9-6.5+deb8u1build0.14.04.1~esm1",
"binary_name": "xtightvncviewer-dbgsym"
}
]
}
Ubuntu:16.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:2.0.2+dfsg1-4ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbg"
},
{
"binary_version": "1:2.0.2+dfsg1-4ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
]
}
Ubuntu:16.04:LTS / libvncserver
Package
- Name
- libvncserver
- Purl
- pkg:deb/ubuntu/libvncserver?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.10+dfsg-3ubuntu0.16.04.2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncclient1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncclient1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncclient1-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver-config"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver-config-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver-dev"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver-dev-dbgsym"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver1"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver1-dbg"
},
{
"binary_version": "0.9.10+dfsg-3ubuntu0.16.04.2",
"binary_name": "libvncserver1-dbgsym"
}
]
}
Ubuntu:16.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino?arch=src?distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.8.1-0ubuntu9.3
Ubuntu:Pro:16.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/xenial
Ubuntu:18.04:LTS / italc
Package
- Name
- italc
- Purl
- pkg:deb/ubuntu/italc?arch=src?distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:3.0.3+dfsg1-3ubuntu0.1
Affected versions
1:3.*
1:3.0.3+dfsg1-1
1:3.0.3+dfsg1-2
1:3.0.3+dfsg1-2build1
1:3.0.3+dfsg1-2ubuntu1
1:3.0.3+dfsg1-3
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-client-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-management-console-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "italc-master-dbgsym"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore"
},
{
"binary_version": "1:3.0.3+dfsg1-3ubuntu0.1",
"binary_name": "libitalccore-dbgsym"
}
]
}
Ubuntu:18.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino?arch=src?distro=bionic
Ubuntu:Pro:18.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=esm-apps/bionic
Ubuntu:20.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=focal
Ubuntu:20.04:LTS / vino
Package
- Name
- vino
- Purl
- pkg:deb/ubuntu/vino?arch=src?distro=focal
Ubuntu:22.04:LTS / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=jammy
Ubuntu:24.10 / tightvnc
Package
- Name
- tightvnc
- Purl
- pkg:deb/ubuntu/tightvnc?arch=src?distro=oracular