Search criteria
6 vulnerabilities by david_king
CVE-2013-5745 (GCVE-0-2013-5745)
Vulnerability from cvelistv5 – Published: 2013-10-01 17:00 – Updated: 2024-08-06 17:22
VLAI
Summary
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.gnome.org/show_bug.cgi?id=641811 | x_refsource_CONFIRM |
| https://www.trustwave.com/spiderlabs/advisories/T… | x_refsource_MISC |
| http://rhn.redhat.com/errata/RHSA-2013-1452.html | vendor-advisoryx_refsource_REDHAT |
| http://secunia.com/advisories/55090 | third-party-advisoryx_refsource_SECUNIA |
| https://bugzilla.gnome.org/show_bug.cgi?id=707905 | x_refsource_CONFIRM |
| http://www.ubuntu.com/usn/USN-1980-1 | vendor-advisoryx_refsource_UBUNTU |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
Date Public
2013-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:22:30.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
},
{
"name": "RHSA-2013:1452",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
},
{
"name": "55090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55090"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
},
{
"name": "USN-1980-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1980-1"
},
{
"name": "SUSE-SU-2013:1631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-01T17:26:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
},
{
"name": "RHSA-2013:1452",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
},
{
"name": "55090",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55090"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
},
{
"name": "USN-1980-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1980-1"
},
{
"name": "SUSE-SU-2013:1631",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641811",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
},
{
"name": "RHSA-2013:1452",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
},
{
"name": "55090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55090"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=707905",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
},
{
"name": "USN-1980-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1980-1"
},
{
"name": "SUSE-SU-2013:1631",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-5745",
"datePublished": "2013-10-01T17:00:00.000Z",
"dateReserved": "2013-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:22:30.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1164 (GCVE-0-2011-1164)
Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
VLAI
Summary
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0169.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.gnome.org/show_bug.cgi?id=596190 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=553477 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:28.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1164",
"datePublished": "2013-03-12T22:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:28.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1165 (GCVE-0-2011-1165)
Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
VLAI
Summary
Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0169.html | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.gnome.org/show_bug.cgi?id=594521 | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=678846 | x_refsource_MISC |
| http://git.gnome.org/browse/vino/commit/?id=410bb… | x_refsource_CONFIRM |
| http://www.dslreports.com/forum/r25446313-Ubuntu-… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:14:28.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-12T22:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1165",
"datePublished": "2013-03-12T22:00:00.000Z",
"dateReserved": "2011-03-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:14:28.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4429 (GCVE-0-2012-4429)
Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:35
VLAI
Summary
Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0169.html | vendor-advisoryx_refsource_REDHAT |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.openwall.com/lists/oss-security/2012/09/14/1 | mailing-listx_refsource_MLIST |
| http://www.ubuntu.com/usn/USN-1701-1 | vendor-advisoryx_refsource_UBUNTU |
| http://www.securityfocus.com/bid/55548 | vdb-entryx_refsource_BID |
| http://www.openwall.com/lists/oss-security/2012/0… | mailing-listx_refsource_MLIST |
| http://secunia.com/advisories/50527 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2012-06-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.525Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "vino-clipboard-info-disclosure(78602)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
},
{
"name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
},
{
"name": "USN-1701-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1701-1"
},
{
"name": "55548",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55548"
},
{
"name": "[oss-security] 20120913 CVE request: information leak in vino",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
},
{
"name": "50527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50527"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "vino-clipboard-info-disclosure(78602)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
},
{
"name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
},
{
"name": "USN-1701-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1701-1"
},
{
"name": "55548",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55548"
},
{
"name": "[oss-security] 20120913 CVE request: information leak in vino",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
},
{
"name": "50527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50527"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4429",
"datePublished": "2012-10-01T00:00:00.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0905 (GCVE-0-2011-0905)
Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
Date Public
2011-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "vino-framebuffer-dos(67244)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "vino-framebuffer-dos(67244)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641803",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
},
{
"name": "44410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44410"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "vino-framebuffer-dos(67244)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694456",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
},
{
"name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44463"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"name": "http://git.gnome.org/browse/vino/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0905",
"datePublished": "2011-05-10T18:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0904 (GCVE-0-2011-0904)
Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
VLAI
Summary
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
23 references
Date Public
2011-05-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:05:54.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "vino-input-dos(67243)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "vino-input-dos(67243)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44410"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47681"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44463"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vino-input-dos(67243)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
},
{
"name": "USN-1128-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-1128-1/"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
},
{
"name": "SUSE-SR:2011:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
},
{
"name": "MDVSA-2011:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
},
{
"name": "RHSA-2013:0169",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
},
{
"name": "44410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44410"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
},
{
"name": "ADV-2011-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/1144"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
},
{
"name": "47681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47681"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
},
{
"name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
},
{
"name": "DSA-2238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2238"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
},
{
"name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
},
{
"name": "44463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44463"
},
{
"name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
"refsource": "CONFIRM",
"url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
},
{
"name": "http://git.gnome.org/browse/vino/tree/NEWS",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/vino/tree/NEWS"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0904",
"datePublished": "2011-05-10T18:00:00.000Z",
"dateReserved": "2011-02-08T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:05:54.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}