CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7394 – tigervnc: Server crash via long usernames
https://notcve.org/view.php?id=CVE-2017-7394
In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames. En TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), usuarios no autenticados pueden bloquear el servidor enviando nombres de usuario largos. A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/440 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7394 https://bugzilla.redhat.com/show_bug.cgi?id=1438700 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7395 – tigervnc: Integer overflow in SMsgReader::readClientCutText
https://notcve.org/view.php?id=CVE-2017-7395
In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server. En TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), provocando un desbordamiento de entero, un cliente autenticado puede bloquear el servidor. An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/436 https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7395 https://bugzilla.redhat.com/show_bug.cgi?id=1438701 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7396 – tigervnc: SecurityServer and ClientServer memory leaks
https://notcve.org/view.php?id=CVE-2017-7396
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. En TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), un cliente no autenticado puede provocar una fuga pequeña fuga de memoria en el servidor. A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. • http://www.securityfocus.com/bid/97305 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/pull/436 https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0 https://security.gentoo.org/glsa/201801-13 https://access.redhat.com/security/cve/CVE-2017-7396 https://bugzilla.redhat.com/show_bug.cgi?id=1438703 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 2CVE-2016-10207 – tigervnc: VNC server can crash when TLS handshake terminates early
https://notcve.org/view.php?id=CVE-2016-10207
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early. El servidor Xvnc en TigerVNC permite a atacantes remotos provocar una denegación de servicio (acceso a memoria no válida y caída) terminando un apretón de manos TLS temprano. A denial of service flaw was found in the TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. • http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html http://rhn.redhat.com/errata/RHSA-2017-0630.html http://www.openwall.com/lists/oss-security/2017/02/02/22 http://www.openwall.com/lists/oss-security/2017/02/05/2 http://www.securityfocus.com/bid/96012 https://access.redhat.com/errata/RHSA-2017:2000 https://bugzilla.suse.com/show_bug.cgi?id=1023012 https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649 https://security.gentoo.o • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-5581 – tigervnc: Buffer overflow in ModifiablePixelBuffer::fillRect
https://notcve.org/view.php?id=CVE-2017-5581
Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries. Desbordamiento de búfer en la función ModifiablePixelBuffer::fillRect en TigerVNC en versiones anteriores a 1.7.1 permite a servidores remotos ejecutar código arbitrario a través de un mensaje RRE con un subrectangulo fuera de los límites del marco del búfer. A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. • http://rhn.redhat.com/errata/RHSA-2017-0630.html http://www.openwall.com/lists/oss-security/2017/01/22/1 http://www.openwall.com/lists/oss-security/2017/01/25/6 http://www.securityfocus.com/bid/95789 https://access.redhat.com/errata/RHSA-2017:2000 https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba https://github.com/TigerVNC/tigervnc/pull/399 https://github.com/TigerVNC/tigervnc/releases/tag/v1.7.1 https://security.gentoo.org/glsa/201702-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •