CVE-2018-7225

NameCVE-2018-7225
DescriptionAn issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1332-1, DLA-1979-1, DLA-2014-1, DLA-2045-1, DSA-4221-1
Debian Bugs894045, 945784

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvncserver (PTS)buster0.9.11+dfsg-1.3+deb10u4fixed
buster (security)0.9.11+dfsg-1.3+deb10u5fixed
bullseye0.9.13+dfsg-2+deb11u1fixed
sid, trixie, bookworm0.9.14+dfsg-1fixed
tightvnc (PTS)buster1:1.3.9-9+deb10u1fixed
bullseye1:1.3.10-3fixed
sid, trixie, bookworm1:1.3.10-7fixed
vino (PTS)buster3.22.0-5vulnerable
sid, trixie, bookworm, bullseye3.22.0-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
italcsourcejessie1:2.0.2+dfsg1-2+deb8u1DLA-1979-1
italcsourcestretch1:3.0.3+dfsg1-1+deb9u1
italcsource(unstable)(unfixed)
libvncserversourcewheezy0.9.9+dfsg-1+deb7u3DLA-1332-1
libvncserversourcejessie0.9.9+dfsg2-6.1+deb8u3DSA-4221-1
libvncserversourcestretch0.9.11+dfsg-1+deb9u1DSA-4221-1
libvncserversource(unstable)0.9.11+dfsg-1.1894045
tightvncsourcejessie1.3.9-6.5+deb8u1DLA-2045-1
tightvncsourcestretch1:1.3.9-9+deb9u1
tightvncsourcebuster1:1.3.9-9deb10u1
tightvncsource(unstable)1:1.3.9-9.1
vinosourcejessie3.14.0-2+deb8u1DLA-2014-1
vinosource(unstable)3.22.0-6945784

Notes

[buster] - vino <no-dsa> (Minor issue)
[stretch] - vino <no-dsa> (Minor issue)
https://github.com/LibVNC/libvncserver/issues/218
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee

Search for package or bug name: Reporting problems