PT-2014-2018 · Libvncserver Team+5 · Libvncserver+5

Daniele Bianco

Publicado

2014-04-30

Atualizado

2020-10-23

CVE-2014-6051

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LibVNCServer versions 0.9.9 and earlier

Description The issue is related to an integer overflow in the MallocFrameBuffer function, which can be triggered by a remote VNC server advertising a large screen size. This can cause a heap-based buffer overflow, potentially leading to a denial of service (crash) and possibly allowing the execution of arbitrary code. The vulnerability may also allow a remote attacker to access confidential data, compromise its integrity, and cause a disruption of service.

Recommendations For LibVNCServer versions 0.9.9 and earlier, consider disabling the MallocFrameBuffer function as a temporary workaround until a patch is available. Restrict access to the VNC server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

ALT-PU-2015-1418

BDU:2020-00583

CESA-2014_1826

CVE-2014-6051

DLA-197-1

DLA-1979-1

DSA-3081-1

MGASA-2014-0397

RHSA-2014:1826

RHSA-2014_1826

RHSA-2015:0113

SUSE-SU-2015:2088-1

SUSE-SU-2015:2088-2

SUSE-SU-2015:2110-1

SUSE-SU-2015_2088-1

SUSE-SU-2015_2088-2

SUSE-SU-2015_2110-1

USN-2365-1

USN-4587-1

Produtos afetados

Alt Linux

Centos

Libvncserver

Red Hat

Suse

Ubuntu

PT-2014-2018 · Libvncserver Team+5 · Libvncserver+5

CVE-2014-6051

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 175