SB2018041059 - Integer overflow in libvncserver (Alpine package)
Published: April 10, 2018
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2018-7225)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the rfbProcessClientNormalMessage() function due to an integer overflow. A remote attacker can trigger memory corruption and gain access to potentially sensitive information.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=7f993019c4f6466e8d8dc2063699f749eedba865
- https://git.alpinelinux.org/aports/commit/?id=bf1ec813f662f128fc6b70f37ef1c0474bb24488
- https://git.alpinelinux.org/aports/commit/?id=e3a33d48d59a183072d3ee0da1298f28fc3f2f11
- https://git.alpinelinux.org/aports/commit/?id=22306ce240e5b8a0067c806bb73235f72ad3f81d
- https://git.alpinelinux.org/aports/commit/?id=8cb1ee23b7bc0d719ec7229ba43bf47891d68dbf
- https://git.alpinelinux.org/aports/commit/?id=ef8044ed82008b70d1e6fc86b340d60d3c0d16a0