CVE-2018-7225

NameCVE-2018-7225
DescriptionAn issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1332-1, DLA-1979-1, DLA-2014-1, DLA-2045-1, DSA-4221-1
NVD severityhigh
Debian Bugs894045, 945784

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
italc (PTS)jessie1:2.0.2+dfsg1-2vulnerable
jessie (security)1:2.0.2+dfsg1-2+deb8u1fixed
stretch1:3.0.3+dfsg1-1+deb9u1fixed
libvncserver (PTS)jessie0.9.9+dfsg2-6.1+deb8u3fixed
jessie (security)0.9.9+dfsg2-6.1+deb8u7fixed
stretch0.9.11+dfsg-1.3~deb9u3fixed
stretch (security)0.9.11+dfsg-1.3~deb9u1fixed
buster0.9.11+dfsg-1.3+deb10u2fixed
bullseye, sid0.9.12+dfsg-9fixed
tightvnc (PTS)jessie1.3.9-6.5vulnerable
jessie (security)1.3.9-6.5+deb8u1fixed
stretch1:1.3.9-9+deb9u1fixed
buster1:1.3.9-9+deb10u1fixed
bullseye, sid1:1.3.9-9.1fixed
vino (PTS)jessie3.14.0-2vulnerable
jessie (security)3.14.0-2+deb8u1fixed
stretch3.22.0-1vulnerable
buster3.22.0-5vulnerable
bullseye, sid3.22.0-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
italcsource(unstable)(unfixed)
italcsourcejessie1:2.0.2+dfsg1-2+deb8u1DLA-1979-1
italcsourcestretch1:3.0.3+dfsg1-1+deb9u1
libvncserversource(unstable)0.9.11+dfsg-1.1894045
libvncserversourcejessie0.9.9+dfsg2-6.1+deb8u3DSA-4221-1
libvncserversourcestretch0.9.11+dfsg-1+deb9u1DSA-4221-1
libvncserversourcewheezy0.9.9+dfsg-1+deb7u3DLA-1332-1
tightvncsource(unstable)1:1.3.9-9.1
tightvncsourcebuster1:1.3.9-9deb10u1
tightvncsourcejessie1.3.9-6.5+deb8u1DLA-2045-1
tightvncsourcestretch1:1.3.9-9+deb9u1
vinosource(unstable)3.22.0-6945784
vinosourcejessie3.14.0-2+deb8u1DLA-2014-1

Notes

[buster] - vino <no-dsa> (Minor issue)
[stretch] - vino <no-dsa> (Minor issue)
https://github.com/LibVNC/libvncserver/issues/218
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee

Search for package or bug name: Reporting problems