cve-2016-9942
Vulnerability from cvelistv5
Published
2016-12-31 18:00
Modified
2024-08-06 03:07
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T03:07:31.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "95170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95170" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/LibVNC/libvncserver/pull/137" }, { "name": "DSA-3753", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3753" }, { "name": "GLSA-201702-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-24" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11" }, { "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html" }, { "name": "USN-4587-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4587-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-23T12:06:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "95170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95170" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LibVNC/libvncserver/pull/137" }, { "name": "DSA-3753", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3753" }, { "name": "GLSA-201702-24", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-24" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11" }, { "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html" }, { "name": "USN-4587-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4587-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-9942", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "95170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95170" }, { "name": "https://github.com/LibVNC/libvncserver/pull/137", "refsource": "CONFIRM", "url": "https://github.com/LibVNC/libvncserver/pull/137" }, { "name": "DSA-3753", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3753" }, { "name": "GLSA-201702-24", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-24" }, { "name": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11", "refsource": "CONFIRM", "url": "https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11" }, { "name": "[debian-lts-announce] 20191030 [SECURITY] [DLA 1979-1] italc security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html" }, { "name": "USN-4587-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4587-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-9942", "datePublished": "2016-12-31T18:00:00", "dateReserved": "2016-12-13T00:00:00", "dateUpdated": "2024-08-06T03:07:31.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2016-9942\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-12-31T18:59:00.180\",\"lastModified\":\"2024-11-21T03:02:03.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en ultra.c en LibVNCClient en LibVNCServer en versiones anteriores a 0.9.11 permite a servidores remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje FramebufferUpdate manipulado con el t\u00edtulo de tipo Ultra, de manera que la longitud de la carga \u00fatil LZO descomprimida excede lo especificado por las dimensiones del azulejo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libvncserver_project:libvncserver:0.9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6241012-4420-4432-B0C6-9450E091D14E\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3753\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/95170\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/LibVNC/libvncserver/pull/137\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201702-24\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/4587-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3753\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/95170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/LibVNC/libvncserver/pull/137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201702-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/4587-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.