Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
David King Vino帧缓冲更新处理缓冲区溢出漏洞
Vulnerability Description
Vino中存在缓冲区溢出漏洞。该漏洞是由于当处理客户端帧缓冲更新请求时,server/libvncserver/rfbserver.c中的“rfbSendFramebufferUpdate()”函数产生的错误导致的。远程认证用户可以借助帧缓冲更新请求中超大的X或Y方位的值导致拒绝服务(守护进程崩溃),该请求可触发越界内存访问。 该漏洞位于以下版本中:Vino 2.28.3之前的2.x版本,2.32.2之前的2.32.x版本,3.0.2之前的3.0.x版本以及3.1.1之前的3.1.x版本。
CVSS Information
N/A
Vulnerability Type
N/A