Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 56 | magnus | 1 | Description: CVE-2018-20021 |
| 2 | CWE-835: Infinite loop vulnerability in VNC client code. Vulnerability allows |
||
| 3 | attacker to consume excessive amount of resources like CPU and RAM |
||
| 4 | --- |
||
| 5 | |||
| 6 | Author: Abhijith PA <abhijith@debian.org> |
||
| 7 | Origin: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb635d0fdb4dbbb0d0541f38ed19c |
||
| 8 | Bug: https://github.com/LibVNC/libvncserver/issues/251 |
||
| 9 | Bug-Debian: https://bugs.debian.org/916941 |
||
| 10 | Last-Update: 2018-12-23 |
||
| 11 | |||
| 12 | --- a/vnc_unixsrc/vncviewer/rfbproto.c |
||
| 13 | +++ b/vnc_unixsrc/vncviewer/rfbproto.c |
||
| 14 | @@ -3156,7 +3156,7 @@ |
||
| 15 | if (db) fprintf(stderr, "Raw: %dx%d+%d+%d\n", rect.r.w, rect.r.h, rect.r.x, rect.r.y); |
||
| 16 | area_raw += rect.r.w * rect.r.h; |
||
| 17 | |||
| 18 | - while (rect.r.h > 0) { |
||
| 19 | + while (linesToRead && rect.r.h > 0) { |
||
| 20 | if (linesToRead > rect.r.h) { |
||
| 21 | linesToRead = rect.r.h; |
||
| 22 | } |