Description: CVE-
2018-
20021
CWE-
835: Infinite loop vulnerability in VNC client code. Vulnerability allows
attacker to consume excessive amount of resources like CPU and RAM
---
Author: Abhijith PA <abhijith@debian.org>
Origin: https://github.com/LibVNC/libvncserver/commit/c3115350eb8bb
635d0fdb4dbbb
0d0541f38ed19c
Bug: https://github.com/LibVNC/libvncserver/issues/
251
Bug-Debian: https://bugs.debian.org/
916941
Last-Update:
2018-
12-
23
--- a/vnc_unixsrc/vncviewer/rfbproto.c
+++ b/vnc_unixsrc/vncviewer/rfbproto.c
@@ -3156,7 +3156,7 @@
if
(db
) fprintf
(stderr, "Raw: %dx%d+%d+%d\n", rect.r.w, rect.r.h, rect.r.x, rect.r.y
);
area_raw += rect.r.w * rect.r.h;
- while (rect.r.h > 0) {
+ while (linesToRead && rect.r.h > 0) {
if
(linesToRead > rect.r.h
) {
linesToRead = rect.r.h;
}