The rfbClientCleanup() function is responsible for freeing up allocated client objects. This can be exploited to cause a denial of service condition.

CVE-2019-1897 The rfbVncServerOpen() function in libvncserver/libvncserver.c in rfbvncserver before 1.1.2 is vulnerable to a denial of service condition due to an integer overflow when parsing the privileged X11 socket’s length. A malicious client could cause rfbvncserver to crash.

CVE-2018-5373 In rfbvncserver before 1.1.2, a malicious remote user could cause rfbvncserver to crash via a crafted request (for example, a crafted RSH command) by sending a negative X-Forwarded-For value. This occurs because rfbvncserver does not properly handle the response from rfbVncServerSetRemoteForward() to the client.

CVE-2018-5372 In rfbvncserver before 1.1.2, a malicious remote user could cause rfbvncserver to crash via a crafted request (for example, a crafted RSH command) by sending a negative X-Forwarded-For value. This occurs because rfbvncserver does not properly handle the response from rfbVncServerSetRemoteForward() to the client.

CVE-2018-5370 In rfbvncserver before 1



Timeline

Published on: 09/02/2022 23:15:00 UTC
Last modified on: 09/08/2022 03:19:00 UTC

References