Lucene search

[email protected]NVD:CVE-2011-0904

HistoryMay 10, 2011 - 6:55 p.m.

CVE-2011-0904

2011-05-1018:55:01

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.

Affected configurations

Nvd

Node

david_kingvinoMatch2.7

david_kingvinoMatch2.7.3

david_kingvinoMatch2.7.3.1

david_kingvinoMatch2.7.4

david_kingvinoMatch2.7.4.90

david_kingvinoMatch2.7.4.91

david_kingvinoMatch2.7.92

david_kingvinoMatch2.8

david_kingvinoMatch2.9

david_kingvinoMatch2.9.2

david_kingvinoMatch2.10

david_kingvinoMatch2.11

david_kingvinoMatch2.12

david_kingvinoMatch2.13

david_kingvinoMatch2.13.5

david_kingvinoMatch2.14

david_kingvinoMatch2.15

david_kingvinoMatch2.16

david_kingvinoMatch2.17

david_kingvinoMatch2.17.2

david_kingvinoMatch2.17.4

david_kingvinoMatch2.17.5

david_kingvinoMatch2.17.92

david_kingvinoMatch2.18

david_kingvinoMatch2.18.1

david_kingvinoMatch2.19

david_kingvinoMatch2.19.5

david_kingvinoMatch2.19.90

david_kingvinoMatch2.19.92

david_kingvinoMatch2.20

david_kingvinoMatch2.20.1

david_kingvinoMatch2.21

david_kingvinoMatch2.21.1

david_kingvinoMatch2.21.2

david_kingvinoMatch2.21.3

david_kingvinoMatch2.21.90

david_kingvinoMatch2.21.91

david_kingvinoMatch2.21.92

david_kingvinoMatch2.22

david_kingvinoMatch2.22.1

david_kingvinoMatch2.22.2

david_kingvinoMatch2.23

david_kingvinoMatch2.23.5

david_kingvinoMatch2.23.90

david_kingvinoMatch2.23.91

david_kingvinoMatch2.23.92

david_kingvinoMatch2.24

david_kingvinoMatch2.24.1

david_kingvinoMatch2.25

david_kingvinoMatch2.25.3

david_kingvinoMatch2.25.4

david_kingvinoMatch2.25.5

david_kingvinoMatch2.25.90

david_kingvinoMatch2.25.91

david_kingvinoMatch2.25.92

david_kingvinoMatch2.26

david_kingvinoMatch2.26.1

david_kingvinoMatch2.26.2

david_kingvinoMatch2.27

david_kingvinoMatch2.27.5

david_kingvinoMatch2.27.90

david_kingvinoMatch2.27.91

david_kingvinoMatch2.27.92

david_kingvinoMatch2.28

david_kingvinoMatch2.28.1

david_kingvinoMatch2.28.2

david_kingvinoMatch2.32.0

david_kingvinoMatch2.32.1

david_kingvinoMatch3.0.0

david_kingvinoMatch3.0.1

david_kingvinoMatch3.1

References

ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news

ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news

ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news

git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0

git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f

git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279

git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a

git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4

git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d

git.gnome.org/browse/vino/log/?h=gnome-2-30

git.gnome.org/browse/vino/tree/NEWS

lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html

rhn.redhat.com/errata/RHSA-2013-0169.html

secunia.com/advisories/44410

secunia.com/advisories/44463

www.debian.org/security/2011/dsa-2238

www.mandriva.com/security/advisories?name=MDVSA-2011:087

www.securityfocus.com/bid/47681

www.ubuntu.com/usn/usn-1128-1/

www.vupen.com/english/advisories/2011/1144

bugzilla.gnome.org/show_bug.cgi?id=641802

bugzilla.redhat.com/show_bug.cgi?id=694455

exchange.xforce.ibmcloud.com/vulnerabilities/67243

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:N/A:P

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.5%

JSON

Related for NVD:CVE-2011-0904

ubuntucve1 prion1 cve1 debiancve1 cvelist1 veracode5 debian1 openvas17 nessus18 fedora2 securityvulns2 ubuntu1 centos1 oraclelinux2 redhat1 gentoo1