3.5

CVE-2011-0904

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
David KingVino Version2.7
David KingVino Version2.7.3
David KingVino Version2.7.3.1
David KingVino Version2.7.4
David KingVino Version2.7.4.90
David KingVino Version2.7.4.91
David KingVino Version2.7.92
David KingVino Version2.8
David KingVino Version2.9
David KingVino Version2.9.2
David KingVino Version2.10
David KingVino Version2.11
David KingVino Version2.12
David KingVino Version2.13
David KingVino Version2.13.5
David KingVino Version2.14
David KingVino Version2.15
David KingVino Version2.16
David KingVino Version2.17
David KingVino Version2.17.2
David KingVino Version2.17.4
David KingVino Version2.17.5
David KingVino Version2.17.92
David KingVino Version2.18
David KingVino Version2.18.1
David KingVino Version2.19
David KingVino Version2.19.5
David KingVino Version2.19.90
David KingVino Version2.19.92
David KingVino Version2.20
David KingVino Version2.20.1
David KingVino Version2.21
David KingVino Version2.21.1
David KingVino Version2.21.2
David KingVino Version2.21.3
David KingVino Version2.21.90
David KingVino Version2.21.91
David KingVino Version2.21.92
David KingVino Version2.22
David KingVino Version2.22.1
David KingVino Version2.22.2
David KingVino Version2.23
David KingVino Version2.23.5
David KingVino Version2.23.90
David KingVino Version2.23.91
David KingVino Version2.23.92
David KingVino Version2.24
David KingVino Version2.24.1
David KingVino Version2.25
David KingVino Version2.25.3
David KingVino Version2.25.4
David KingVino Version2.25.5
David KingVino Version2.25.90
David KingVino Version2.25.91
David KingVino Version2.25.92
David KingVino Version2.26
David KingVino Version2.26.1
David KingVino Version2.26.2
David KingVino Version2.27
David KingVino Version2.27.5
David KingVino Version2.27.90
David KingVino Version2.27.91
David KingVino Version2.27.92
David KingVino Version2.28
David KingVino Version2.28.1
David KingVino Version2.28.2
David KingVino Version2.32.0
David KingVino Version2.32.1
David KingVino Version3.0.0
David KingVino Version3.0.1
David KingVino Version3.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.3% 0.811
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news
http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0
Patch
http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f
Patch
http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279
Patch
http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a
Patch
http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
Patch
http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d
Patch
http://git.gnome.org/browse/vino/log/?h=gnome-2-30
Patch
http://git.gnome.org/browse/vino/tree/NEWS
http://rhn.redhat.com/errata/RHSA-2013-0169.html
http://secunia.com/advisories/44410
Vendor Advisory
http://secunia.com/advisories/44463
Vendor Advisory
http://www.debian.org/security/2011/dsa-2238
http://www.mandriva.com/security/advisories?name=MDVSA-2011:087
http://www.securityfocus.com/bid/47681
http://www.ubuntu.com/usn/usn-1128-1/
http://www.vupen.com/english/advisories/2011/1144
Vendor Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=641802
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=694455
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/67243