CVE-2017-18922
30.06.2020, 11:15
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| libvncserver_project | libvncserver | 𝑥 < 0.9.12 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 19.10 |
| canonical | ubuntu_linux | 20.04 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| siemens | simatic_itc1500_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
| siemens | simatic_itc1500_pro_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
| siemens | simatic_itc1900_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
| siemens | simatic_itc1900_pro_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
| siemens | simatic_itc2200_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
| siemens | simatic_itc2200_pro_firmware | 3.0.0.0 ≤ 𝑥 < 3.2.1.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libvncserver |
| ||||||||||||||||||||||||||
| veyon |
| ||||||||||||||||||||||||||
| x11vnc |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libvncclient0 |
| ||||||||||||||||||||||||||||||||
| libvncclient1 |
| ||||||||||||||||||||||||||||||||
| libvncserver0 |
| ||||||||||||||||||||||||||||||||
| libvncserver1 |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libvncserver |
| ||||||||||||||||
| libvncserver-devel |
|
Common Weakness Enumeration
References