CVE-2013-5745

Name of the Vulnerable Software and Affected Versions GNOME Vino versions 2.26.1 through 3.7.3 GNOME Vino version 3.8 when encryption is disabled

Description The issue is related to the vino server client data pending function in vino-server.c, which does not properly clear client data when an error causes the connection to close during authentication. This allows remote attackers to cause a denial of service via multiple crafted requests during authentication, leading to an infinite loop, CPU, and disk consumption.

Recommendations For GNOME Vino versions 2.26.1 through 3.7.3, update to a version where the vino server client data pending function is properly fixed. For GNOME Vino version 3.8, enable encryption to prevent exploitation. As a temporary workaround, consider disabling the vino server client data pending function until a patch is available. Restrict access to the vino-server.c module to minimize the risk of exploitation.