PT-2011-2749 · Gnome+2 · Vino+2
Publicado
2011-05-10
·
Atualizado
2024-06-15
·
CVE-2011-0904
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Vino versions 2.x through 2.28.2
Vino versions 2.32.x through 2.32.1
Vino versions 3.0.x through 3.0.1
Vino versions 3.1.x through 3.1.0
Description
The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This occurs when raw encoding is used and a large X or Y position value is sent in a framebuffer update request, triggering an out-of-bounds memory access. The functions
rfbSendFramebufferUpdate, rfbTranslateNone, and rfbSendRectEncodingRaw are related to this issue.Recommendations
For Vino versions 2.x through 2.28.2, update to version 2.28.3 or later.
For Vino versions 2.32.x through 2.32.1, update to version 2.32.2 or later.
For Vino versions 3.0.x through 3.0.1, update to version 3.0.2 or later.
For Vino versions 3.1.x through 3.1.0, update to version 3.1.1 or later.
Correção
DoS
Buffer Overflow
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Centos
Red Hat
Vino