ID CVE-2017-18922
Summary It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:libvncserver_project:libvncserver:0.9.11:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc1500_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc1900_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc2200_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:*
  • cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:3.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 01-04-2022 - 18:08)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1852356
    title CVE-2017-18922 libvncserver: websocket decoding buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment libvncserver is earlier than 0:0.9.9-14.el7_8.1
            oval oval:com.redhat.rhsa:tst:20203281001
          • comment libvncserver is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141826002
        • AND
          • comment libvncserver-devel is earlier than 0:0.9.9-14.el7_8.1
            oval oval:com.redhat.rhsa:tst:20203281003
          • comment libvncserver-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141826004
    rhsa
    id RHSA-2020:3281
    released 2020-08-03
    severity Important
    title RHSA-2020:3281: libvncserver security update (Important)
  • bugzilla
    id 1852356
    title CVE-2017-18922 libvncserver: websocket decoding buffer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment libvncserver is earlier than 0:0.9.11-15.el8_2.1
            oval oval:com.redhat.rhsa:tst:20203385001
          • comment libvncserver is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141826002
        • AND
          • comment libvncserver-debugsource is earlier than 0:0.9.11-15.el8_2.1
            oval oval:com.redhat.rhsa:tst:20203385003
          • comment libvncserver-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20200920004
        • AND
          • comment libvncserver-devel is earlier than 0:0.9.11-15.el8_2.1
            oval oval:com.redhat.rhsa:tst:20203385005
          • comment libvncserver-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20141826004
    rhsa
    id RHSA-2020:3385
    released 2020-08-10
    severity Important
    title RHSA-2020:3385: libvncserver security update (Important)
rpms
  • libvncserver-0:0.9.9-14.el7_8.1
  • libvncserver-debuginfo-0:0.9.9-14.el7_8.1
  • libvncserver-devel-0:0.9.9-14.el7_8.1
  • libvncserver-0:0.9.11-15.el8_2.1
  • libvncserver-debuginfo-0:0.9.11-15.el8_2.1
  • libvncserver-debugsource-0:0.9.11-15.el8_2.1
  • libvncserver-devel-0:0.9.11-15.el8_2.1
  • libvncserver-0:0.9.11-9.el8_1.3
  • libvncserver-debuginfo-0:0.9.11-9.el8_1.3
  • libvncserver-debugsource-0:0.9.11-9.el8_1.3
  • libvncserver-devel-0:0.9.11-9.el8_1.3
  • libvncserver-0:0.9.11-9.el8_0.3
  • libvncserver-debuginfo-0:0.9.11-9.el8_0.3
  • libvncserver-debugsource-0:0.9.11-9.el8_0.3
refmap via4
fedora
  • FEDORA-2020-1a4b1c8271
  • FEDORA-2020-37112ac660
misc
mlist [oss-security] 20200630 Re: libvncserver: old websocket decoding patch
suse
  • openSUSE-SU-2020:0960
  • openSUSE-SU-2020:0978
  • openSUSE-SU-2020:0988
  • openSUSE-SU-2020:1025
  • openSUSE-SU-2020:1056
ubuntu USN-4407-1
Last major update 01-04-2022 - 18:08
Published 30-06-2020 - 11:15
Last modified 01-04-2022 - 18:08