7.5

CVE-2017-7396

In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
TigervncTigervnc Version1.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.03% 0.786
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://access.redhat.com/errata/RHSA-2017:2000
https://security.gentoo.org/glsa/201801-13
http://www.securityfocus.com/bid/97305
https://github.com/TigerVNC/tigervnc/pull/436
Patch
Third Party Advisory
Issue Tracking
https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
Patch
Third Party Advisory
Issue Tracking