ID CVE-2014-8241
Summary XRegion in TigerVNC allows remote VNC servers to cause a denial of service (NULL pointer dereference) by leveraging failure to check a malloc return value, a similar issue to CVE-2014-6052.
References
Vulnerable Configurations
  • cpe:2.3:a:tigervnc:tigervnc
    cpe:2.3:a:tigervnc:tigervnc
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 7.5 (as of 15-12-2016 - 10:49)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
redhat via4
advisories
bugzilla
id 1199453
title Re-base to tigervnc-1.3.x
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment tigervnc is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233007
      • comment tigervnc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110871006
    • AND
      • comment tigervnc-icons is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233013
      • comment tigervnc-icons is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152233014
    • AND
      • comment tigervnc-license is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233015
      • comment tigervnc-license is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152233016
    • AND
      • comment tigervnc-server is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233005
      • comment tigervnc-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110871012
    • AND
      • comment tigervnc-server-applet is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233017
      • comment tigervnc-server-applet is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110871008
    • AND
      • comment tigervnc-server-minimal is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233009
      • comment tigervnc-server-minimal is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152233010
    • AND
      • comment tigervnc-server-module is earlier than 0:1.3.1-3.el7
        oval oval:com.redhat.rhsa:tst:20152233011
      • comment tigervnc-server-module is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110871010
rhsa
id RHSA-2015:2233
released 2015-05-15
severity Moderate
title RHSA-2015:2233: tigervnc security, bug fix, and enhancement update (Moderate)
rpms
  • tigervnc-0:1.3.1-3.el7
  • tigervnc-icons-0:1.3.1-3.el7
  • tigervnc-license-0:1.3.1-3.el7
  • tigervnc-server-0:1.3.1-3.el7
  • tigervnc-server-applet-0:1.3.1-3.el7
  • tigervnc-server-minimal-0:1.3.1-3.el7
  • tigervnc-server-module-0:1.3.1-3.el7
refmap via4
bid 70390
confirm
mlist
  • [oss-security] 20141010 Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
  • [oss-security] 20141011 Re: Request for CVE assignment for tigervnc affected by similar flaws as in CVE-2014-6051 and CVE-2014-6052 of libvncserver
Last major update 19-12-2016 - 21:59
Published 14-12-2016 - 17:59