Josef Gajdusek

Name of the Vulnerable Software and Affected Versions: Open On-Chip Debugger (OpenOCD) version 0.10.0 Description: The issue allows remote attackers to conduct cross-protocol scripting attacks and execute arbitrary commands via a crafted web site, by not blocking attempts to use HTTP POST for sending data to 127.0.0.1 port 4444. Recommendations: For OpenOCD version 0.10.0, as a temporary workaround, consider restricting access to the HTTP POST endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gtk-vnc versions prior to 0.7.0 **Description** The issue arises from improper boundary checking of subrectangle-containing tiles, allowing remote servers to execute arbitrary code. This can be achieved by crafting specific tiles, including rre, hextile, or copyrect tiles, with malicious src x, y coordinates. **Recommendations** For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** gtk-vnc versions prior to 0.7.0 **Description** The issue is related to multiple integer overflows in the `vnc connection server message` and `vnc color map set` functions. These overflows can be triggered by remote servers via vectors involving SetColorMapEntries, potentially leading to a buffer overflow. This could cause a denial of service (crash) or possibly allow the execution of arbitrary code. **Recommendations** For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `vnc connection server message` and `vnc color map set` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibVNCServer versions prior to 0.9.11 **Description** The issue is related to a heap-based buffer overflow in the rfbproto.c component of LibVNCServer, which can be exploited by remote servers. This can lead to a denial of service, causing the application to crash, or possibly allow the execution of arbitrary code. The vulnerability is triggered by a crafted FramebufferUpdate message containing a subrectangle outside of the client drawing area. **Recommendations** For versions prior to 0.9.11, update to version 0.9.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the `rfbproto.c` component or limiting the handling of FramebufferUpdate messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibVNCServer versions prior to 0.9.11 **Description** The issue is related to a heap-based buffer overflow in the ultra.c component of LibVNCServer. This can be exploited by remote servers via a crafted FramebufferUpdate message with the Ultra type tile, where the LZO payload decompressed length exceeds the tile dimensions. The exploitation may lead to a denial of service, causing the application to crash, or possibly allow the execution of arbitrary code. The vulnerability can also be used to gain unauthorized access to confidential data. **Recommendations** For versions prior to 0.9.11, update to version 0.9.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the ultra.c component until a patch is available. Avoid using the Ultra type tile in FramebufferUpdate messages until the issue is resolved.