Missing Release of Resource after Effective Lifetime Affecting tigervnc-server-module package, versions <0:1.8.0-1.el7
Threat Intelligence
EPSS
0.31% (71st percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-RHEL7-TIGERVNCSERVERMODULE-5131546
- published26 Jul 2021
- disclosed27 Mar 2017
Introduced: 27 Mar 2017
CVE-2017-7396 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade RHEL:7 tigervnc-server-module to version 0:1.8.0-1.el7 or higher.
This issue was patched in RHSA-2017:2000.
NVD Description
Note: Versions mentioned in the description apply only to the upstream tigervnc-server-module package and not the tigervnc-server-module package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an unauthenticated client can cause a small memory leak in the server.
References
- http://www.securityfocus.com/bid/97305
- https://github.com/TigerVNC/tigervnc/pull/436
- https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
- https://access.redhat.com/security/cve/CVE-2017-7396
- https://security.gentoo.org/glsa/201801-13
- https://access.redhat.com/errata/RHSA-2017:2000