92 matches found
DEBIAN-CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
UBUNTU-CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
CVE-2017-18922
CVE-2017-18922 : LibVNCServer’s websockets.c (prior to 0.9.12) is affected; multiple advisories report that malformed WebSocket frames can trigger a heap-based buffer overflow. The connected Nessus entries confirm affected packages across various distros (e.g., MiracleLinux, Alibaba Cloud Linux, ...
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow...
Denial Of Service (DoS)
github.com/gorilla/websocket is vulnerable to denial of service DoS. An integer overflow in conn.go when parsing WebSocket frames allows a remote attacker to cause the server to consume excessive amount of memory, resulting in an application crash when the server runs out of memory...
netty: DoS via memory exhaustion during data aggregation
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...
netty: DoS via memory exhaustion during data aggregation
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...
netty: DoS via memory exhaustion during data aggregation
A flaw was found in the WebSocket08FrameDecoder implementation that could allow a remote attacker to trigger an Out Of Memory Exception by issuing a series of TextWebSocketFrame and ContinuationWebSocketFrames. Depending on the server configuration, this could lead to a denial of service...
PT-2014-3528 · Netty · Netty
Name of the Vulnerable Software and Affected Versions: Netty versions 3.6.x through 3.6.8 Netty versions 3.7.x through 3.7.0 Netty versions 3.8.x through 3.8.1 Netty versions 3.9.x through 3.9.0 Netty versions 4.0.x through 4.0.18 Description: The issue allows remote attackers to cause a denial o...