Executive Summary

Information
Name : CVE-2016-9942
First vendor Publication : 2016-12-31
Vendor : Cve
Last vendor Modification : 2017-06-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score : 7.5
Attack Range : Network
Cvss Impact Score : 6.4
Attack Complexity : Low
Cvss Exploit Score : 10
Authentication : None Required

Detail

Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer before 0.9.11 allows remote servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted FramebufferUpdate message with the Ultra type tile, such that the LZO payload decompressed length exceeds what is specified by the tile dimensions.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9942

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1

Nessus® Vulnerability Scanner

Date : Description
2017-07-17 Name : The remote Fedora host is missing a security update.
           File : fedora_2017-6125002d79.nasl - Type : ACT_GATHER_INFO
2017-05-26 Name : The remote Fedora host is missing a security update.
           File : fedora_2017-0e08170fd3.nasl - Type : ACT_GATHER_INFO
2017-05-26 Name : The remote Fedora host is missing a security update.
           File : fedora_2017-dd5d2381e4.nasl - Type : ACT_GATHER_INFO
2017-05-01 Name : The remote EulerOS host is missing multiple security updates.
           File : EulerOS_SA-2017-1046.nasl - Type : ACT_GATHER_INFO
2017-03-08 Name : The remote SUSE host is missing one or more security updates.
           File : suse_SU-2017-0622-1.nasl - Type : ACT_GATHER_INFO
2017-02-21 Name : The remote Gentoo host is missing one or more security-related patches.
           File : gentoo_GLSA-201702-24.nasl - Type : ACT_GATHER_INFO
2017-02-21 Name : The remote SUSE host is missing one or more security updates.
           File : suse_SU-2017-0519-1.nasl - Type : ACT_GATHER_INFO
2017-01-12 Name : The remote SUSE host is missing one or more security updates.
           File : suse_SU-2017-0104-1.nasl - Type : ACT_GATHER_INFO
2017-01-12 Name : The remote Ubuntu host is missing one or more security-related patches.
           File : ubuntu_USN-3171-1.nasl - Type : ACT_GATHER_INFO
2017-01-10 Name : The remote FreeBSD host is missing a security-related update.
           File : freebsd_pkg_64be967ad37911e6a071001e67f15f5a.nasl - Type : ACT_GATHER_INFO
2017-01-06 Name : The remote Debian host is missing a security-related update.
           File : debian_DSA-3753.nasl - Type : ACT_GATHER_INFO
2017-01-04 Name : The remote Debian host is missing a security update.
           File : debian_DLA-777.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/95170
CONFIRM : https://github.com/LibVNC/libvncserver/pull/137
          https://github.com/LibVNC/libvncserver/releases/tag/LibVNCServer-0.9.11
DEBIAN : http://www.debian.org/security/2017/dsa-3753
GENTOO : https://security.gentoo.org/glsa/201702-24

Alert History

Date : Information
2017-07-18 13:24:51
  • Multiple Updates
2017-07-01 09:23:47
  • Multiple Updates
2017-05-27 13:25:58
  • Multiple Updates
2017-05-02 13:24:37
  • Multiple Updates
2017-03-09 13:22:49
  • Multiple Updates
2017-02-22 13:21:09
  • Multiple Updates
2017-01-18 09:28:29
  • Multiple Updates
2017-01-13 13:24:47
  • Multiple Updates
2017-01-11 13:25:28
  • Multiple Updates
2017-01-07 13:25:59
  • Multiple Updates
2017-01-05 13:20:47
  • Multiple Updates
2017-01-04 17:19:20
  • Multiple Updates
2017-01-04 09:23:00
  • Multiple Updates
2016-12-31 21:25:04
  • First insertion