CVE-2018-7225

Name: CVE-2018-7225
Description: An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-1332-1, DLA-1979-1, DLA-2014-1, DLA-2045-1, DSA-4221-1
NVD severity: high
Debian Bugs: 894045, 945784

Vulnerable and fixed packages

The table below lists information on source packages.

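| Source Package | Release | Version | Status |
|---|---|---|---|
| italc (PTS) | jessie | 1:2.0.2+dfsg1-2 | vulnerable |
| italc | jessie (security) | 1:2.0.2+dfsg1-2+deb8u1 | fixed |
| italc | stretch | 1:3.0.3+dfsg1-1 | vulnerable |
| libvncserver (PTS) | jessie | 0.9.9+dfsg2-6.1+deb8u3 | fixed |
| libvncserver | jessie (security) | 0.9.9+dfsg2-6.1+deb8u6 | fixed |
| libvncserver | stretch (security), stretch | 0.9.11+dfsg-1.3~deb9u1 | fixed |
| libvncserver | buster | 0.9.11+dfsg-1.3 | fixed |
| libvncserver | bullseye, sid | 0.9.12+dfsg-7 | fixed |
| tightvnc (PTS) | jessie | 1.3.9-6.5 | vulnerable |
| tightvnc | jessie (security) | 1.3.9-6.5+deb8u1 | fixed |
| tightvnc | buster, stretch | 1:1.3.9-9 | vulnerable |
| tightvnc | bullseye, sid | 1:1.3.9-9.1 | fixed |
| vino (PTS) | jessie | 3.14.0-2 | vulnerable |
| vino | jessie (security) | 3.14.0-2+deb8u1 | fixed |
| vino | stretch | 3.22.0-1 | vulnerable |
| vino | bullseye, sid, buster | 3.22.0-5 | vulnerable |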

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| italc | source | (unstable) | (unfixed) | | | |
| italc | source | jessie | 1:2.0.2+dfsg1-2+deb8u1 | | DLA-1979-1 | |
| libvncserver | source | (unstable) | 0.9.11+dfsg-1.1 | | | 894045 |
| libvncserver | source | jessie | 0.9.9+dfsg2-6.1+deb8u3 | | DSA-4221-1 | |
| libvncserver | source | stretch | 0.9.11+dfsg-1+deb9u1 | | DSA-4221-1 | |
| libvncserver | source | wheezy | 0.9.9+dfsg-1+deb7u3 | | DLA-1332-1 | |
| tightvnc | source | (unstable) | 1:1.3.9-9.1 | | | |
| tightvnc | source | jessie | 1.3.9-6.5+deb8u1 | | DLA-2045-1 | |
| vino | source | (unstable) | (unfixed) | | | 945784 |
| vino | source | jessie | 3.14.0-2+deb8u1 | | DLA-2014-1 | |

Notes

[buster] - tightvnc <no-dsa> (Minor issue; will be fixed via point release)
[stretch] - tightvnc <no-dsa> (Minor issue; will be fixed via point release)
https://github.com/LibVNC/libvncserver/issues/218
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
