PT-2011-2749 · Gnome+2 · Vino+2

Published: 2011-05-10 · Updated: 2024-06-15 · CVE-2011-0904

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Vino versions 2.x through 2.28.2
Vino versions 2.32.x through 2.32.1
Vino versions 3.0.x through 3.0.1
Vino versions 3.1.x through 3.1.0

Description

The issue allows remote authenticated users to cause a denial of service, resulting in a daemon crash. This occurs when raw encoding is used and a large X or Y position value is sent in a framebuffer update request, triggering an out-of-bounds memory access. The functions rfbSendFramebufferUpdate, rfbTranslateNone, and rfbSendRectEncodingRaw are related to this issue.

Recommendations

For Vino versions 2.x through 2.28.2, update to version 2.28.3 or later.
For Vino versions 2.32.x through 2.32.1, update to version 2.32.2 or later.
For Vino versions 3.0.x through 3.0.1, update to version 3.0.2 or later.
For Vino versions 3.1.x through 3.1.0, update to version 3.1.1 or later.
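
The class of check that prevents the out-of-bounds access in the description, as an added example that is not Vino's actual fix: a client-requested rectangle is rejected or clipped against the framebuffer before any raw-encoding copy. The names update_rect, clip_update_rect and raw_rect_end are hypothetical, and the 640x480, 4 bytes-per-pixel framebuffer is a constructed sample.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Rectangle as carried in an RFB FramebufferUpdateRequest:
 * x, y, width and height are unsigned 16-bit values chosen by the client. */
typedef struct { uint16_t x, y, w, h; } update_rect;

/* Hypothetical helper: clip a requested rectangle to an fb_w x fb_h
 * framebuffer. Returns false when no pixel of it lies inside the buffer,
 * so the caller never indexes with an attacker-controlled origin. */
bool clip_update_rect(update_rect *r, uint16_t fb_w, uint16_t fb_h)
{
    if (r->w == 0 || r->h == 0)
        return false;
    if (r->x >= fb_w || r->y >= fb_h)   /* origin outside the buffer */
        return false;
    /* x < fb_w and y < fb_h here, so the subtractions cannot underflow. */
    if (r->w > fb_w - r->x)
        r->w = (uint16_t)(fb_w - r->x);
    if (r->h > fb_h - r->y)
        r->h = (uint16_t)(fb_h - r->y);
    return true;
}

/* Offset one past the last byte a raw-encoding copy of r would read,
 * computed in size_t so the multiplication cannot wrap a 16-bit value. */
size_t raw_rect_end(const update_rect *r, size_t stride, size_t bpp)
{
    return ((size_t)r->y + r->h - 1) * stride + ((size_t)r->x + r->w) * bpp;
}

int main(void)
{
    const uint16_t fb_w = 640, fb_h = 480;      /* constructed sample */
    const size_t bpp = 4, stride = fb_w * bpp;
    update_rect reqs[] = {                      /* constructed requests */
        {10, 20, 100, 100}, {65000, 5, 16, 16}, {630, 470, 50, 50},
    };
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        update_rect r = reqs[i];
        if (!clip_update_rect(&r, fb_w, fb_h))
            printf("request %zu: rejected\n", i);
        else
            printf("request %zu: %ux%u at (%u,%u), read ends at byte %zu of %zu\n",
                   i, r.w, r.h, r.x, r.y, raw_rect_end(&r, stride, bpp),
                   stride * fb_h);
    }
    return 0;
}
```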

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related Identifiers

CESA-2013_0169
CVE-2011-0904
DSA-2238-1
OPENSUSE-SU-2024:10047-1
RHSA-2013:0169
RHSA-2013_0169

Affected Products

Centos
Red Hat
Vino