ID |
CVE-2017-7396
|
Summary |
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 03-10-2019 - 00:03) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-772 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
NONE |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
redhat
via4
|
advisories | bugzilla | id | 1438703 | title | CVE-2017-7396 tigervnc: SecurityServer and ClientServer memory leaks |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 7 is installed | oval | oval:com.redhat.rhba:tst:20150364027 |
OR | AND | comment | fltk is earlier than 0:1.3.4-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000001 |
comment | fltk is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20172000002 |
|
AND | comment | fltk-devel is earlier than 0:1.3.4-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000003 |
comment | fltk-devel is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20172000004 |
|
AND | comment | fltk-fluid is earlier than 0:1.3.4-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000005 |
comment | fltk-fluid is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20172000006 |
|
AND | comment | fltk-static is earlier than 0:1.3.4-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000007 |
comment | fltk-static is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20172000008 |
|
AND | comment | tigervnc is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000009 |
comment | tigervnc is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20110871002 |
|
AND | comment | tigervnc-icons is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000011 |
comment | tigervnc-icons is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20152233004 |
|
AND | comment | tigervnc-license is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000013 |
comment | tigervnc-license is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20152233006 |
|
AND | comment | tigervnc-server is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000015 |
comment | tigervnc-server is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20110871004 |
|
AND | comment | tigervnc-server-applet is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000017 |
comment | tigervnc-server-applet is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20110871006 |
|
AND | comment | tigervnc-server-minimal is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000019 |
comment | tigervnc-server-minimal is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20152233012 |
|
AND | comment | tigervnc-server-module is earlier than 0:1.8.0-1.el7 | oval | oval:com.redhat.rhsa:tst:20172000021 |
comment | tigervnc-server-module is signed with Red Hat redhatrelease2 key | oval | oval:com.redhat.rhsa:tst:20110871008 |
|
|
|
|
| rhsa | id | RHSA-2017:2000 | released | 2017-08-01 | severity | Moderate | title | RHSA-2017:2000: tigervnc and fltk security, bug fix, and enhancement update (Moderate) |
|
| rpms | - fltk-0:1.3.4-1.el7
- fltk-debuginfo-0:1.3.4-1.el7
- fltk-devel-0:1.3.4-1.el7
- fltk-fluid-0:1.3.4-1.el7
- fltk-static-0:1.3.4-1.el7
- tigervnc-0:1.8.0-1.el7
- tigervnc-debuginfo-0:1.8.0-1.el7
- tigervnc-icons-0:1.8.0-1.el7
- tigervnc-license-0:1.8.0-1.el7
- tigervnc-server-0:1.8.0-1.el7
- tigervnc-server-applet-0:1.8.0-1.el7
- tigervnc-server-minimal-0:1.8.0-1.el7
- tigervnc-server-module-0:1.8.0-1.el7
|
|
refmap
via4
|
bid | 97305 | confirm | | gentoo | GLSA-201801-13 |
|
Last major update |
03-10-2019 - 00:03 |
Published |
01-04-2017 - 02:59 |
Last modified |
03-10-2019 - 00:03 |