CVE-2011-0905

EPSS 1.21%
Veröffentlicht 10.05.2011 18:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

David King ≫ Vino Version2.10

David King ≫ Vino Version2.11

David King ≫ Vino Version2.12

David King ≫ Vino Version2.13

David King ≫ Vino Version2.13.5

David King ≫ Vino Version2.14

David King ≫ Vino Version2.15

David King ≫ Vino Version2.16

David King ≫ Vino Version2.17

David King ≫ Vino Version2.17.2

David King ≫ Vino Version2.17.4

David King ≫ Vino Version2.17.5

David King ≫ Vino Version2.17.92

David King ≫ Vino Version2.18

David King ≫ Vino Version2.18.1

David King ≫ Vino Version2.19

David King ≫ Vino Version2.19.5

David King ≫ Vino Version2.19.90

David King ≫ Vino Version2.19.92

David King ≫ Vino Version2.20

David King ≫ Vino Version2.20.1

David King ≫ Vino Version2.21

David King ≫ Vino Version2.21.1

David King ≫ Vino Version2.21.2

David King ≫ Vino Version2.21.3

David King ≫ Vino Version2.21.90

David King ≫ Vino Version2.21.91

David King ≫ Vino Version2.21.92

David King ≫ Vino Version2.22

David King ≫ Vino Version2.22.1

David King ≫ Vino Version2.22.2

David King ≫ Vino Version2.23

David King ≫ Vino Version2.23.5

David King ≫ Vino Version2.23.90

David King ≫ Vino Version2.23.91

David King ≫ Vino Version2.23.92

David King ≫ Vino Version2.24

David King ≫ Vino Version2.24.1

David King ≫ Vino Version2.25

David King ≫ Vino Version2.25.3

David King ≫ Vino Version2.25.4

David King ≫ Vino Version2.25.5

David King ≫ Vino Version2.25.90

David King ≫ Vino Version2.25.91

David King ≫ Vino Version2.25.92

David King ≫ Vino Version2.26

David King ≫ Vino Version2.26.1

David King ≫ Vino Version2.26.2

David King ≫ Vino Version2.27

David King ≫ Vino Version2.27.5

David King ≫ Vino Version2.27.90

David King ≫ Vino Version2.27.91

David King ≫ Vino Version2.27.92

David King ≫ Vino Version2.28

David King ≫ Vino Version2.28.1

David King ≫ Vino Version2.28.2

David King ≫ Vino Version2.32.0

David King ≫ Vino Version2.32.1

David King ≫ Vino Version3.0.0

David King ≫ Vino Version3.0.1

David King ≫ Vino Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.21%	0.771

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:N/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news

http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news

http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news

http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0

Patch

http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f

Patch

http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

Patch

http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a

Patch