Errata ID | 655 |
---|---|
Date | 2020-03-11 |
Source package | tightvnc |
Fixed in version | 1:1.3.9-9+deb9u1 |
Description | This update addresses the following issues: * Server NULL pointer dereference flaw in ClientCutText message handling (CVE-2014-6053) * Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225) * Infinite loop in VNC client code allows for denial of service (CVE-2018-20021) * Improper initialization in VNC client code allows for information disclosure (CVE-2018-20022) * TightVNC contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. (CVE-2019-8287) * TightVNC contains a heap buffer overflow in the rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. (CVE-2019-15678) * TightVNC contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. (CVE-2019-15679) * TightVNC contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of System (DoS). This attack appears to be exploitable via network connectivity. (CVE-2019-15680) * LibVNC contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed. (CVE-2019-15681) |
Additional notes | |
CVE ID | CVE-2014-6053 CVE-2018-7225 CVE-2018-20021 CVE-2018-20022 CVE-2019-8287 CVE-2019-15678 CVE-2019-15679 CVE-2019-15680 CVE-2019-15681 |
UCS Bug number | #50913 |