CVE-2018-7225
Published: 19 February 2018
An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
italc Launchpad, Ubuntu, Debian |
bionic |
Released
(1:3.0.3+dfsg1-3ubuntu0.1)
|
| focal |
Does not exist
|
|
| groovy |
Does not exist
|
|
| trusty |
Does not exist
(trusty was needed)
|
|
| upstream |
Released
(1:3.0.3+dfsg1-1+deb9u1, 1:2.0.2+dfsg1-2+deb8u1)
|
|
| xenial |
Released
(1:2.0.2+dfsg1-4ubuntu0.1)
|
|
| impish |
Does not exist
|
|
| hirsute |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| lunar |
Does not exist
|
|
| mantic |
Does not exist
|
|
|
libvncserver Launchpad, Ubuntu, Debian |
bionic |
Released
(0.9.11+dfsg-1ubuntu0.1)
|
| focal |
Released
(0.9.11+dfsg-1ubuntu0.1)
|
|
| impish |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| artful |
Released
(0.9.11+dfsg-1ubuntu0.1)
|
|
| groovy |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.9.10+dfsg-3ubuntu0.16.04.2)
|
|
| hirsute |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| jammy |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| kinetic |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| lunar |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
| trusty |
Released
(0.9.9+dfsg-1ubuntu1.3)
|
|
| mantic |
Released
(0.9.11+dfsg-1ubuntu1)
|
|
|
Patches: upstream: https://github.com/LibVNC/libvncserver/commit/28afb6c537dc82ba04d5f245b15ca7205c6dbb9c |
||
|
tightvnc Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| upstream |
Released
(1:1.3.9-6.5+deb8u1)
|
|
| xenial |
Needs triage
|
|
| hirsute |
Ignored
(end of life)
|
|
| jammy |
Needs triage
|
|
| impish |
Ignored
(end of life)
|
|
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| trusty |
Released
(1.3.9-6.5+deb8u1build0.14.04.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
|
| lunar |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
vino Launchpad, Ubuntu, Debian |
bionic |
Released
(3.22.0-3ubuntu1.1)
|
| focal |
Released
(3.22.0-5ubuntu2.1)
|
|
| groovy |
Released
(3.22.0-6ubuntu1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| impish |
Released
(3.22.0-6ubuntu1)
|
|
| hirsute |
Released
(3.22.0-6ubuntu1)
|
|
| jammy |
Released
(3.22.0-6ubuntu1)
|
|
| kinetic |
Released
(3.22.0-6ubuntu1)
|
|
| lunar |
Released
(3.22.0-6ubuntu1)
|
|
| xenial |
Released
(3.8.1-0ubuntu9.3)
|
|
| mantic |
Released
(3.22.0-6ubuntu1)
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7225
- http://www.openwall.com/lists/oss-security/2018/02/18/1
- https://ubuntu.com/security/notices/USN-3618-1
- https://ubuntu.com/security/notices/USN-4547-1
- https://ubuntu.com/security/notices/USN-4573-1
- https://ubuntu.com/security/notices/USN-4587-1
- NVD
- Launchpad
- Debian