Vulnerability Details : CVE-2011-0905
The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2011-0905
- cpe:2.3:a:david_king:vino:2.14:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.15:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.23:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.28.2:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.18:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.26:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.27:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.3:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.26.2:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.27.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.17.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.17.2:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.2:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.23.90:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.23.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.22.2:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.28:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.28.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.4:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.27.90:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.27.91:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.27.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.17.4:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.19.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.20.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.22.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.90:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.91:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.32.0:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.32.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.19.90:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.19.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.91:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.16:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.24:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.23.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.25.92:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.26.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.17.5:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.18.1:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.3:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.21.90:*:*:*:*:*:*:*
- cpe:2.3:a:david_king:vino:2.23.91:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0905
1.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0905
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
6.8
|
2.9
|
NIST |
CWE ids for CVE-2011-0905
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0905
-
http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news
-
https://bugzilla.redhat.com/show_bug.cgi?id=694456
694456 – (CVE-2011-0905) CVE-2011-0905 vino: Out of bounds read flaw by processing certain client tight encoding framebuffer update requestsPatch
-
http://www.vupen.com/english/advisories/2011/1144
Webmail | OVH- OVHVendor Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:087
mandriva.com
-
http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0
Avoid out-of-bounds memory accesses (0c2c9175) · Commits · GNOME / vino · GitLabPatch
-
http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67244
Vino framebuffer denial of service CVE-2011-0905 Vulnerability Report
-
http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4
Avoid out-of-bounds memory accesses (dff52694) · Commits · GNOME / vino · GitLabPatch
-
http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f
Avoid out-of-bounds memory accesses (456dadbb) · Commits · GNOME / vino · GitLabPatch
-
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2011:009
-
http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a
Update NEWS for 3.1.1 release (d050a22b) · Commits · GNOME / vino · GitLabPatch
-
http://www.debian.org/security/2011/dsa-2238
Debian -- Security Information -- DSA-2238-1 vino
-
http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279
Avoid out-of-bounds memory accesses (8beefcf7) · Commits · GNOME / vino · GitLabPatch
-
http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d
Avoid out-of-bounds memory accesses (e17bd4e3) · Commits · GNOME / vino · GitLabPatch
-
http://www.securityfocus.com/bid/47681
Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
-
http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news
-
http://git.gnome.org/browse/vino/log/?h=gnome-2-30
Commits · gnome-2-30 · GNOME / vino · GitLabPatch
-
http://git.gnome.org/browse/vino/tree/NEWS
NEWS · master · GNOME / vino · GitLab
-
https://bugzilla.gnome.org/show_bug.cgi?id=641803
Access Denied
-
http://rhn.redhat.com/errata/RHSA-2013-0169.html
RHSA-2013:0169 - Security Advisory - Red Hat Customer Portal
-
http://www.ubuntu.com/usn/usn-1128-1/
USN-1128-1: Vino vulnerabilities | Ubuntu security notices
Jump to