Out-of-Bounds Affecting vino package, versions [,2.28.3)[2.32.0,2.32.2)[3.0.0,3.0.2)[3.1.0,3.1.1)


Severity

Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Not Defined
EPSS
1.15% (85th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-VINO-2408982
  • published26 Jan 2022
  • disclosed10 May 2011
  • creditUnknown

Introduced: 10 May 2011

CVE-2011-0905  (opens in a new tab)
CWE-119  (opens in a new tab)

How to fix?

Upgrade vino to version 2.28.3, 2.32.2, 3.0.2, 3.1.1 or higher.

Overview

Affected versions of this package are vulnerable to Out-of-Bounds. The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.

References

CVSS Scores

version 3.1