cvelist/2018/7xxx/CVE-2018-7225.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2018-7225",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "[debian-lts-announce] 20180330 [SECURITY] [DLA 1332-1] libvncserver security update",
            "refsource" : "MLIST",
            "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html"
         },
         {
            "name" : "http://www.openwall.com/lists/oss-security/2018/02/18/1",
            "refsource" : "MISC",
            "url" : "http://www.openwall.com/lists/oss-security/2018/02/18/1"
         },
         {
            "name" : "https://github.com/LibVNC/libvncserver/issues/218",
            "refsource" : "MISC",
            "url" : "https://github.com/LibVNC/libvncserver/issues/218"
         },
         {
            "name" : "DSA-4221",
            "refsource" : "DEBIAN",
            "url" : "https://www.debian.org/security/2018/dsa-4221"
         },
         {
            "name" : "RHSA-2018:1055",
            "refsource" : "REDHAT",
            "url" : "https://access.redhat.com/errata/RHSA-2018:1055"
         },
         {
            "name" : "USN-3618-1",
            "refsource" : "UBUNTU",
            "url" : "https://usn.ubuntu.com/3618-1/"
         },
         {
            "name" : "103107",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/103107"
         }
      ]
   }
}
- Synchronized data. 2018-02-19 10:04:51 -05:00			`{`
			`"CVE_data_meta" : {`
			`"ASSIGNER" : "cve@mitre.org",`
			`"ID" : "CVE-2018-7225",`
			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "n/a",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "n/a"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "An issue was discovered in LibVNCServer through 0.9.11. rfbProcessClientNormalMessage() in rfbserver.c does not sanitize msg.cct.length, leading to access to uninitialized and potentially sensitive data or possibly unspecified other impact (e.g., an integer overflow) via specially crafted VNC packets."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "n/a"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
- Synchronized data. 2018-03-31 06:05:04 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "[debian-lts-announce] 20180330 [SECURITY] [DLA 1332-1] libvncserver security update",`
			`"refsource" : "MLIST",`
- Synchronized data. 2018-03-31 06:05:04 -04:00			`"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00035.html"`
			`},`
- Synchronized data. 2018-02-19 10:04:51 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "http://www.openwall.com/lists/oss-security/2018/02/18/1",`
			`"refsource" : "MISC",`
- Synchronized data. 2018-02-19 10:04:51 -05:00			`"url" : "http://www.openwall.com/lists/oss-security/2018/02/18/1"`
			`},`
			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "https://github.com/LibVNC/libvncserver/issues/218",`
			`"refsource" : "MISC",`
- Synchronized data. 2018-02-19 10:04:51 -05:00			`"url" : "https://github.com/LibVNC/libvncserver/issues/218"`
- Synchronized data. 2018-02-23 06:04:12 -05:00			`},`
- Synchronized data. 2018-06-09 06:03:07 -04:00			`{`
			`"name" : "DSA-4221",`
			`"refsource" : "DEBIAN",`
			`"url" : "https://www.debian.org/security/2018/dsa-4221"`
			`},`
- Synchronized data. 2018-04-11 06:04:47 -04:00			`{`
			`"name" : "RHSA-2018:1055",`
			`"refsource" : "REDHAT",`
			`"url" : "https://access.redhat.com/errata/RHSA-2018:1055"`
			`},`
- Synchronized data. 2018-04-05 06:09:06 -04:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "USN-3618-1",`
			`"refsource" : "UBUNTU",`
- Synchronized data. 2018-04-05 06:09:06 -04:00			`"url" : "https://usn.ubuntu.com/3618-1/"`
			`},`
- Synchronized data. 2018-02-23 06:04:12 -05:00			`{`
- Added 'refsource' and 'name' attributes for reference urls and aligned treatment of whitespace in descriptions with data downloads. 2018-04-05 09:33:01 -04:00			`"name" : "103107",`
			`"refsource" : "BID",`
- Synchronized data. 2018-02-23 06:04:12 -05:00			`"url" : "http://www.securityfocus.com/bid/103107"`
- Synchronized data. 2018-02-19 10:04:51 -05:00			`}`
			`]`
			`}`
			`}`