CVE-2014-8241 — CRITICAL (9.8)

Vulnerability Description

XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tigervnc	Tigervnc	-
Redhat	Enterprise Linux Desktop	7.0
Redhat	Enterprise Linux Hpc Node	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Workstation	7.0

Related Weaknesses (CWE)

CWE-476

References

http://seclists.org/oss-sec/2014/q4/278Mailing List
http://seclists.org/oss-sec/2014/q4/300Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
http://www.securityfocus.com/bid/70390Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1151312Issue Tracking
https://rhn.redhat.com/errata/RHSA-2015-2233.htmlThird Party Advisory
http://seclists.org/oss-sec/2014/q4/278Mailing List
http://seclists.org/oss-sec/2014/q4/300Mailing List
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
http://www.securityfocus.com/bid/70390Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1151312Issue Tracking
https://rhn.redhat.com/errata/RHSA-2015-2233.htmlThird Party Advisory

FAQ

What is CVE-2014-8241?

CVE-2014-8241 is a vulnerability with a CVSS score of 9.8 (CRITICAL). XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.

How severe is CVE-2014-8241?

CVE-2014-8241 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2014-8241?

Check the references section above for vendor advisories and patch information. Affected products include: Tigervnc Tigervnc, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Hpc Node, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.