CVE-2018-7225

NameCVE-2018-7225
DescriptionAn issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1332-1, DSA-4221-1
NVD severityhigh (attack range: remote)
Debian Bugs894045

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libvncserver (PTS)jessie (security), jessie0.9.9+dfsg2-6.1+deb8u3fixed
stretch (security), stretch0.9.11+dfsg-1+deb9u1fixed
buster, sid0.9.11+dfsg-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libvncserversource(unstable)0.9.11+dfsg-1.1high894045
libvncserversourcejessie0.9.9+dfsg2-6.1+deb8u3highDSA-4221-1
libvncserversourcestretch0.9.11+dfsg-1+deb9u1highDSA-4221-1
libvncserversourcewheezy0.9.9+dfsg-1+deb7u3highDLA-1332-1

Notes

https://github.com/LibVNC/libvncserver/issues/218
https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee

Search for package or bug name: Reporting problems