Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    12 vulnerabilities by david_king

    CVE-2013-5745 (GCVE-0-2013-5745)

    Vulnerability from nvd – Published: 2013-10-01 17:00 – Updated: 2024-08-06 17:22
    VLAI
    Summary
    The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.gnome.org/show_bug.cgi?id=641811 x_refsource_CONFIRM
    https://www.trustwave.com/spiderlabs/advisories/T… x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2013-1452.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/55090 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.gnome.org/show_bug.cgi?id=707905 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1980-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2013-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:22:30.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
              },
              {
                "name": "RHSA-2013:1452",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
              },
              {
                "name": "55090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
              },
              {
                "name": "USN-1980-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1980-1"
              },
              {
                "name": "SUSE-SU-2013:1631",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-12-01T17:26:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
            },
            {
              "name": "RHSA-2013:1452",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
            },
            {
              "name": "55090",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
            },
            {
              "name": "USN-1980-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1980-1"
            },
            {
              "name": "SUSE-SU-2013:1631",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5745",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641811",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
                },
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
                },
                {
                  "name": "RHSA-2013:1452",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
                },
                {
                  "name": "55090",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55090"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=707905",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
                },
                {
                  "name": "USN-1980-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1980-1"
                },
                {
                  "name": "SUSE-SU-2013:1631",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5745",
        "datePublished": "2013-10-01T17:00:00.000Z",
        "dateReserved": "2013-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:22:30.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1165 (GCVE-0-2011-1165)

    Vulnerability from nvd – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:28.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1165",
        "datePublished": "2013-03-12T22:00:00.000Z",
        "dateReserved": "2011-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:28.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1164 (GCVE-0-2011-1164)

    Vulnerability from nvd – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:28.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1164",
        "datePublished": "2013-03-12T22:00:00.000Z",
        "dateReserved": "2011-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:28.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4429 (GCVE-0-2012-4429)

    Vulnerability from nvd – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:35
    VLAI
    Summary
    Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.openwall.com/lists/oss-security/2012/09/14/1 mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-1701-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/55548 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2012/0… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/50527 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:35:09.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "name": "vino-clipboard-info-disclosure(78602)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
              },
              {
                "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
              },
              {
                "name": "USN-1701-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1701-1"
              },
              {
                "name": "55548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55548"
              },
              {
                "name": "[oss-security] 20120913 CVE request: information leak in vino",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
              },
              {
                "name": "50527",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "vino-clipboard-info-disclosure(78602)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
            },
            {
              "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
            },
            {
              "name": "USN-1701-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1701-1"
            },
            {
              "name": "55548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55548"
            },
            {
              "name": "[oss-security] 20120913 CVE request: information leak in vino",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
            },
            {
              "name": "50527",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50527"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-4429",
        "datePublished": "2012-10-01T00:00:00.000Z",
        "dateReserved": "2012-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:35:09.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0905 (GCVE-0-2011-0905)

    Vulnerability from nvd – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
    VLAI
    Summary
    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.gnome.org/browse/vino/commit/?id=0c2c9… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-1128-1/ vendor-advisoryx_refsource_UBUNTU
    http://git.gnome.org/browse/vino/commit/?id=d050a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=641803 x_refsource_CONFIRM
    http://secunia.com/advisories/44410 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/1144 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/47681 vdb-entryx_refsource_BID
    http://git.gnome.org/browse/vino/commit/?id=456da… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=694456 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/log/?h=gnome-2-30 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2238 vendor-advisoryx_refsource_DEBIAN
    http://git.gnome.org/browse/vino/commit/?id=e17bd… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=dff52… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=8beef… x_refsource_CONFIRM
    http://secunia.com/advisories/44463 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/tree/NEWS x_refsource_CONFIRM
    Date Public
    2011-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:05:54.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
              },
              {
                "name": "USN-1128-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-1128-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
              },
              {
                "name": "SUSE-SR:2011:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
              },
              {
                "name": "MDVSA-2011:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
              },
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
              },
              {
                "name": "44410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
              },
              {
                "name": "ADV-2011-1144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/1144"
              },
              {
                "name": "vino-framebuffer-dos(67244)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
              },
              {
                "name": "47681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
              },
              {
                "name": "DSA-2238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2238"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
              },
              {
                "name": "44463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/tree/NEWS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
            },
            {
              "name": "44410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "vino-framebuffer-dos(67244)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0905",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
                },
                {
                  "name": "USN-1128-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-1128-1/"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
                },
                {
                  "name": "SUSE-SR:2011:009",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
                },
                {
                  "name": "MDVSA-2011:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
                },
                {
                  "name": "RHSA-2013:0169",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641803",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
                },
                {
                  "name": "44410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44410"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
                },
                {
                  "name": "ADV-2011-1144",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/1144"
                },
                {
                  "name": "vino-framebuffer-dos(67244)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
                },
                {
                  "name": "47681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47681"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694456",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
                },
                {
                  "name": "DSA-2238",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2238"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
                },
                {
                  "name": "44463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44463"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/tree/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/tree/NEWS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0905",
        "datePublished": "2011-05-10T18:00:00.000Z",
        "dateReserved": "2011-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:05:54.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0904 (GCVE-0-2011-0904)

    Vulnerability from nvd – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
    VLAI
    Summary
    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.gnome.org/browse/vino/commit/?id=0c2c9… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-1128-1/ vendor-advisoryx_refsource_UBUNTU
    http://git.gnome.org/browse/vino/commit/?id=d050a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/44410 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/1144 vdb-entryx_refsource_VUPEN
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/47681 vdb-entryx_refsource_BID
    http://git.gnome.org/browse/vino/commit/?id=456da… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/log/?h=gnome-2-30 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2238 vendor-advisoryx_refsource_DEBIAN
    http://git.gnome.org/browse/vino/commit/?id=e17bd… x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=641802 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=dff52… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=694455 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=8beef… x_refsource_CONFIRM
    http://secunia.com/advisories/44463 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/tree/NEWS x_refsource_CONFIRM
    Date Public
    2011-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:05:54.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vino-input-dos(67243)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
              },
              {
                "name": "USN-1128-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-1128-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
              },
              {
                "name": "SUSE-SR:2011:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
              },
              {
                "name": "MDVSA-2011:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
              },
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "name": "44410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
              },
              {
                "name": "ADV-2011-1144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/1144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
              },
              {
                "name": "47681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
              },
              {
                "name": "DSA-2238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2238"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
              },
              {
                "name": "44463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/tree/NEWS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vino-input-dos(67243)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "44410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vino-input-dos(67243)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
                },
                {
                  "name": "USN-1128-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-1128-1/"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
                },
                {
                  "name": "SUSE-SR:2011:009",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
                },
                {
                  "name": "MDVSA-2011:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
                },
                {
                  "name": "RHSA-2013:0169",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
                },
                {
                  "name": "44410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44410"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
                },
                {
                  "name": "ADV-2011-1144",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/1144"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
                },
                {
                  "name": "47681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47681"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
                },
                {
                  "name": "DSA-2238",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2238"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
                },
                {
                  "name": "44463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44463"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/tree/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/tree/NEWS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0904",
        "datePublished": "2011-05-10T18:00:00.000Z",
        "dateReserved": "2011-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:05:54.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-5745 (GCVE-0-2013-5745)

    Vulnerability from cvelistv5 – Published: 2013-10-01 17:00 – Updated: 2024-08-06 17:22
    VLAI
    Summary
    The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.gnome.org/show_bug.cgi?id=641811 x_refsource_CONFIRM
    https://www.trustwave.com/spiderlabs/advisories/T… x_refsource_MISC
    http://rhn.redhat.com/errata/RHSA-2013-1452.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/55090 third-party-advisoryx_refsource_SECUNIA
    https://bugzilla.gnome.org/show_bug.cgi?id=707905 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-1980-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    Date Public
    2013-09-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:22:30.780Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
              },
              {
                "name": "RHSA-2013:1452",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
              },
              {
                "name": "55090",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/55090"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
              },
              {
                "name": "USN-1980-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1980-1"
              },
              {
                "name": "SUSE-SU-2013:1631",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-12-01T17:26:34.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
            },
            {
              "name": "RHSA-2013:1452",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
            },
            {
              "name": "55090",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/55090"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
            },
            {
              "name": "USN-1980-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1980-1"
            },
            {
              "name": "SUSE-SU-2013:1631",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2013-5745",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641811",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641811"
                },
                {
                  "name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt",
                  "refsource": "MISC",
                  "url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt"
                },
                {
                  "name": "RHSA-2013:1452",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-1452.html"
                },
                {
                  "name": "55090",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/55090"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=707905",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=707905"
                },
                {
                  "name": "USN-1980-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1980-1"
                },
                {
                  "name": "SUSE-SU-2013:1631",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00003.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2013-5745",
        "datePublished": "2013-10-01T17:00:00.000Z",
        "dateReserved": "2013-09-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:22:30.780Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1165 (GCVE-0-2011-1165)

    Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:28.039Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the \"Configure network to automatically accept connections\" setting is enabled, which might make it easier for remote attackers to perform further attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=594521"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=678846"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=410bbf8e284409bdef02322af4d4a3a388419566"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.dslreports.com/forum/r25446313-Ubuntu-computer-hijacked-by-hacker~start=40"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1165",
        "datePublished": "2013-03-12T22:00:00.000Z",
        "dateReserved": "2011-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:28.039Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-1164 (GCVE-0-2011-1164)

    Vulnerability from cvelistv5 – Published: 2013-03-12 22:00 – Updated: 2024-08-06 22:14
    VLAI
    Summary
    Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:14:28.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-03-12T22:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=596190"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=553477"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-1164",
        "datePublished": "2013-03-12T22:00:00.000Z",
        "dateReserved": "2011-03-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:14:28.070Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4429 (GCVE-0-2012-4429)

    Vulnerability from cvelistv5 – Published: 2012-10-01 00:00 – Updated: 2024-08-06 20:35
    VLAI
    Summary
    Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.openwall.com/lists/oss-security/2012/09/14/1 mailing-listx_refsource_MLIST
    http://www.ubuntu.com/usn/USN-1701-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securityfocus.com/bid/55548 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2012/0… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/50527 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2012-06-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:35:09.525Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "name": "vino-clipboard-info-disclosure(78602)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
              },
              {
                "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
              },
              {
                "name": "USN-1701-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1701-1"
              },
              {
                "name": "55548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/55548"
              },
              {
                "name": "[oss-security] 20120913 CVE request: information leak in vino",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
              },
              {
                "name": "50527",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50527"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-06-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read clipboard activity by listening on TCP port 5900."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-28T12:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "vino-clipboard-info-disclosure(78602)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78602"
            },
            {
              "name": "[oss-security] 20120913 Re: CVE request: information leak in vino",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/09/14/1"
            },
            {
              "name": "USN-1701-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1701-1"
            },
            {
              "name": "55548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/55548"
            },
            {
              "name": "[oss-security] 20120913 CVE request: information leak in vino",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/09/13/25"
            },
            {
              "name": "50527",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50527"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-4429",
        "datePublished": "2012-10-01T00:00:00.000Z",
        "dateReserved": "2012-08-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:35:09.525Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0905 (GCVE-0-2011-0905)

    Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
    VLAI
    Summary
    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://git.gnome.org/browse/vino/commit/?id=0c2c9… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-1128-1/ vendor-advisoryx_refsource_UBUNTU
    http://git.gnome.org/browse/vino/commit/?id=d050a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=641803 x_refsource_CONFIRM
    http://secunia.com/advisories/44410 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/1144 vdb-entryx_refsource_VUPEN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/47681 vdb-entryx_refsource_BID
    http://git.gnome.org/browse/vino/commit/?id=456da… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=694456 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/log/?h=gnome-2-30 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2238 vendor-advisoryx_refsource_DEBIAN
    http://git.gnome.org/browse/vino/commit/?id=e17bd… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=dff52… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=8beef… x_refsource_CONFIRM
    http://secunia.com/advisories/44463 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/tree/NEWS x_refsource_CONFIRM
    Date Public
    2011-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:05:54.452Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
              },
              {
                "name": "USN-1128-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-1128-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
              },
              {
                "name": "SUSE-SR:2011:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
              },
              {
                "name": "MDVSA-2011:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
              },
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
              },
              {
                "name": "44410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
              },
              {
                "name": "ADV-2011-1144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/1144"
              },
              {
                "name": "vino-framebuffer-dos(67244)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
              },
              {
                "name": "47681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
              },
              {
                "name": "DSA-2238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2238"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
              },
              {
                "name": "44463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/tree/NEWS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
            },
            {
              "name": "44410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "name": "vino-framebuffer-dos(67244)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0905",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when tight encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via crafted dimensions in a framebuffer update request that triggers an out-of-bounds read operation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
                },
                {
                  "name": "USN-1128-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-1128-1/"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
                },
                {
                  "name": "SUSE-SR:2011:009",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
                },
                {
                  "name": "MDVSA-2011:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
                },
                {
                  "name": "RHSA-2013:0169",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641803",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641803"
                },
                {
                  "name": "44410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44410"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
                },
                {
                  "name": "ADV-2011-1144",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/1144"
                },
                {
                  "name": "vino-framebuffer-dos(67244)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67244"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
                },
                {
                  "name": "47681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47681"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694456",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694456"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
                },
                {
                  "name": "DSA-2238",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2238"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
                },
                {
                  "name": "44463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44463"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/tree/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/tree/NEWS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0905",
        "datePublished": "2011-05-10T18:00:00.000Z",
        "dateReserved": "2011-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:05:54.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-0904 (GCVE-0-2011-0904)

    Vulnerability from cvelistv5 – Published: 2011-05-10 18:00 – Updated: 2024-08-06 22:05
    VLAI
    Summary
    The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://git.gnome.org/browse/vino/commit/?id=0c2c9… x_refsource_CONFIRM
    http://www.ubuntu.com/usn/usn-1128-1/ vendor-advisoryx_refsource_UBUNTU
    http://git.gnome.org/browse/vino/commit/?id=d050a… x_refsource_CONFIRM
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://rhn.redhat.com/errata/RHSA-2013-0169.html vendor-advisoryx_refsource_REDHAT
    http://secunia.com/advisories/44410 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/… x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2011/1144 vdb-entryx_refsource_VUPEN
    http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/47681 vdb-entryx_refsource_BID
    http://git.gnome.org/browse/vino/commit/?id=456da… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/log/?h=gnome-2-30 x_refsource_CONFIRM
    http://www.debian.org/security/2011/dsa-2238 vendor-advisoryx_refsource_DEBIAN
    http://git.gnome.org/browse/vino/commit/?id=e17bd… x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=641802 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=dff52… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=694455 x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/commit/?id=8beef… x_refsource_CONFIRM
    http://secunia.com/advisories/44463 third-party-advisoryx_refsource_SECUNIA
    http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/v… x_refsource_CONFIRM
    http://git.gnome.org/browse/vino/tree/NEWS x_refsource_CONFIRM
    Date Public
    2011-05-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T22:05:54.511Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "vino-input-dos(67243)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
              },
              {
                "name": "USN-1128-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/usn-1128-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
              },
              {
                "name": "SUSE-SR:2011:009",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
              },
              {
                "name": "MDVSA-2011:087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
              },
              {
                "name": "RHSA-2013:0169",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
              },
              {
                "name": "44410",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44410"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
              },
              {
                "name": "ADV-2011-1144",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2011/1144"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
              },
              {
                "name": "47681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/47681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
              },
              {
                "name": "DSA-2238",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2011/dsa-2238"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
              },
              {
                "name": "44463",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/44463"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://git.gnome.org/browse/vino/tree/NEWS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2011-05-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "vino-input-dos(67243)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
            },
            {
              "name": "USN-1128-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/usn-1128-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
            },
            {
              "name": "SUSE-SR:2011:009",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "MDVSA-2011:087",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
            },
            {
              "name": "RHSA-2013:0169",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
            },
            {
              "name": "44410",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44410"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
            },
            {
              "name": "ADV-2011-1144",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2011/1144"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
            },
            {
              "name": "47681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/47681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
            },
            {
              "name": "DSA-2238",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2011/dsa-2238"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
            },
            {
              "name": "44463",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/44463"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://git.gnome.org/browse/vino/tree/NEWS"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2011-0904",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The rfbSendFramebufferUpdate function in server/libvncserver/rfbserver.c in vino-server in Vino 2.x before 2.28.3, 2.32.x before 2.32.2, 3.0.x before 3.0.2, and 3.1.x before 3.1.1, when raw encoding is used, allows remote authenticated users to cause a denial of service (daemon crash) via a large (1) X position or (2) Y position value in a framebuffer update request that triggers an out-of-bounds memory access, related to the rfbTranslateNone and rfbSendRectEncodingRaw functions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "vino-input-dos(67243)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67243"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=0c2c9175963fc56bf2af10e42867181332f96ce0"
                },
                {
                  "name": "USN-1128-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/usn-1128-1/"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=d050a22b1c284b633c407ef92fde95c47e8fdb8a"
                },
                {
                  "name": "SUSE-SR:2011:009",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
                },
                {
                  "name": "MDVSA-2011:087",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:087"
                },
                {
                  "name": "RHSA-2013:0169",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2013-0169.html"
                },
                {
                  "name": "44410",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44410"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.32/vino-2.32.2.news"
                },
                {
                  "name": "ADV-2011-1144",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2011/1144"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/2.28/vino-2.28.3.news"
                },
                {
                  "name": "47681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/47681"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=456dadbb5c5971d3448763a44c05b9ad033e522f"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/log/?h=gnome-2-30"
                },
                {
                  "name": "DSA-2238",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2011/dsa-2238"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=e17bd4e369f90748654e31a4867211dc7610975d"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=641802",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=641802"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=dff52694a384fe95195f2211254026b752d63ec4"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694455",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694455"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/commit/?id=8beefcf7792d343c10c919ee0c928c81f73b1279"
                },
                {
                  "name": "44463",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/44463"
                },
                {
                  "name": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news",
                  "refsource": "CONFIRM",
                  "url": "http://ftp.gnome.org/pub/GNOME/sources/vino/3.0/vino-3.0.2.news"
                },
                {
                  "name": "http://git.gnome.org/browse/vino/tree/NEWS",
                  "refsource": "CONFIRM",
                  "url": "http://git.gnome.org/browse/vino/tree/NEWS"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2011-0904",
        "datePublished": "2011-05-10T18:00:00.000Z",
        "dateReserved": "2011-02-08T00:00:00.000Z",
        "dateUpdated": "2024-08-06T22:05:54.511Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }