Vulnerability Database
296,733
Total vulnerabilities in the database
CVE-2017-18922
It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
| Software | From | Fixed in |
|---|---|---|
| libvncserver_project / libvncserver | - | 0.9.12 |
| canonical / ubuntu_linux | 16.04 | 16.04.x |
| canonical / ubuntu_linux | 18.04 | 18.04.x |
| canonical / ubuntu_linux | 19.10 | 19.10.x |
| canonical / ubuntu_linux | 20.04 | 20.04.x |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / leap | 15.2 | 15.2.x |
| fedoraproject / fedora | 31 | 31.x |
| fedoraproject / fedora | 32 | 32.x |
| siemens / simatic_itc1500_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1500_pro_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1900_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc1900_pro_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc2200_firmware | 3.0.0.0 | 3.2.1.0 |
| siemens / simatic_itc2200_pro_firmware | 3.0.0.0 | 3.2.1.0 |
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00033.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00066.html
- http://www.openwall.com/lists/oss-security/2020/06/30/3
- https://bugzilla.redhat.com/show_bug.cgi?id=1852356
- https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf
- https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4F6FUH4EFK4NAP6GT4TQRTBKWIRCZLIY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVP7TJVYJDXDFRHVQ3ENEN3H354QPXEZ/
- https://usn.ubuntu.com/4407-1/
- https://www.openwall.com/lists/oss-security/2020/06/30/2
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime