Vulnerability Description
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecified other impact via a specially crafted VNC packet.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vncterm Project | Vncterm | <= 0.9.10 |
Related Weaknesses (CWE)
References
- http://openwall.com/lists/oss-security/2018/02/18/2Mailing List
- https://github.com/LibVNC/vncterm/issues/6PatchThird Party Advisory
- https://security.gentoo.org/glsa/201908-05
- http://openwall.com/lists/oss-security/2018/02/18/2Mailing List
- https://github.com/LibVNC/vncterm/issues/6PatchThird Party Advisory
- https://security.gentoo.org/glsa/201908-05
FAQ
What is CVE-2018-7226?
CVE-2018-7226 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length...
How severe is CVE-2018-7226?
CVE-2018-7226 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-7226?
Check the references section above for vendor advisories and patch information. Affected products include: Vncterm Project Vncterm.