CVE-2017-18922 — CRITICAL (9.8)

Q: How severe is CVE-2017-18922?

CVE-2017-18922 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2017-18922?

Check the references section above for vendor advisories and patch information. Affected products include: Libvncserver Project Libvncserver, Canonical Ubuntu Linux, Opensuse Leap, Fedoraproject Fedora, Siemens Simatic Itc1500 Firmware.

Vulnerability Description

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libvncserver Project	Libvncserver	< 0.9.12
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.1
Fedoraproject	Fedora	31
Siemens	Simatic Itc1500 Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc1500	-
Siemens	Simatic Itc1500 Pro Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc1500 Pro	-
Siemens	Simatic Itc1900 Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc1900	-
Siemens	Simatic Itc1900 Pro Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc1900 Pro	-
Siemens	Simatic Itc2200 Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc2200	-
Siemens	Simatic Itc2200 Pro Firmware	>= 3.0.0.0, < 3.2.1.0
Siemens	Simatic Itc2200 Pro	-

Related Weaknesses (CWE)

CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.htmlMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2020/06/30/3Mailing ListThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1852356Issue TrackingThird Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdfPatchThird Party Advisory
https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a84PatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4407-1/PatchThird Party Advisory
https://www.openwall.com/lists/oss-security/2020/06/30/2Mailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2017-18922?

CVE-2017-18922 is a vulnerability with a CVSS score of 9.8 (CRITICAL). It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket fra...

How severe is CVE-2017-18922?

CVE-2017-18922 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-18922?

Check the references section above for vendor advisories and patch information. Affected products include: Libvncserver Project Libvncserver, Canonical Ubuntu Linux, Opensuse Leap, Fedoraproject Fedora, Siemens Simatic Itc1500 Firmware.