CVE-2016-10207
The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.
| Software | From | Fixed in |
|---|---|---|
| opensuse / leap | 42.2 | 42.2.x |
| opensuse / leap | 42.1 | 42.1.x |
| tigervnc / tigervnc | 0.0.90 | 0.0.90.x |
| tigervnc / tigervnc | 1.0.1 | 1.0.1.x |
| tigervnc / tigervnc | 1.3 | 1.3.x |
| tigervnc / tigervnc | 0.0.91 | 0.0.91.x |
| tigervnc / tigervnc | 1.0 | 1.0.x |
| tigervnc / tigervnc | 1.1.0 | 1.1.0.x |
| tigervnc / tigervnc | 1.7 | 1.7.x |
| tigervnc / tigervnc | 1.3.1 | 1.3.1.x |
- http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html
- http://rhn.redhat.com/errata/RHSA-2017-0630.html
- http://www.openwall.com/lists/oss-security/2017/02/02/22
- http://www.openwall.com/lists/oss-security/2017/02/05/2
- http://www.securityfocus.com/bid/96012
- https://access.redhat.com/errata/RHSA-2017:2000
- https://bugzilla.suse.com/show_bug.cgi?id=1023012
- https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
- https://security.gentoo.org/glsa/201801-13
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime