CVE-2014-6053
EPSS 36.9%
tightvnc - security update
Published: 2014/12/15
Modified: 2026/4/28
Also known as: DEBIAN-CVE-2014-6053
Description
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
Affected packages (5)
- Debian/libvncserver from 0, < 0.9.9+dfsg-6.1
- Debian/tightvnc from 0, < 1:1.3.9-9.1
- Debian/tightvnc from 0, < 1.3.9-6.5+deb8u1
- Debian/vino from 0, < 3.22.0-6
- Debian/vino from 0, < 3.14.0-2+deb8u1