Rev | Author | Line No. | Line |
---|---|---|---|
56 | magnus | 1 | Description: CVE-2018-20022 |
2 | multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC |
||
3 | client code that allows an attacker to read stack memory and can be abused for |
||
4 | information disclosure. Combined with another vulnerability, it can be used |
||
5 | to leak stack memory layout and in bypassing ASLR |
||
6 | --- |
||
7 | |||
8 | Author: Abhijith PA <abhijith@debian.org> |
||
9 | Origin: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 |
||
10 | Bug: https://github.com/LibVNC/libvncserver/issues/252 |
||
11 | Bug-Debian: https://bugs.debian.org/916941 |
||
12 | Last-Update: 2018-12-23 |
||
13 | |||
14 | --- a/vnc_unixsrc/vncviewer/rfbproto.c |
||
15 | +++ b/vnc_unixsrc/vncviewer/rfbproto.c |
||
16 | @@ -2447,6 +2447,7 @@ |
||
17 | } |
||
18 | } |
||
19 | |||
20 | + memset(&ke, 0, sizeof(ke)); |
||
21 | ke.type = rfbKeyEvent; |
||
22 | ke.down = down ? 1 : 0; |
||
23 | ke.key = Swap32IfLE(key); |
||
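Review bot: The memset added before `ke.type = rfbKeyEvent;` has no comment saying why it is needed, and because the lines after it assign type, down and key by name, a later reader could take it for redundant and remove it. Suggest a one-line comment stating that the whole struct is zeroed so that no bytes outside the named fields are left holding stack contents, which is the CWE-665 disclosure the patch header describes.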
24 | @@ -2480,6 +2481,7 @@ |
||
25 | return True; |
||
26 | } |
||
27 | |||
28 | + memset(&cct, 0, sizeof(cct)); |
||
29 | cct.type = rfbClientCutText; |
||
30 | cct.length = Swap32IfLE((unsigned int) len); |
||
31 | currentMsg = rfbClientCutText; |
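Review bot: The zeroing of cct before `cct.type = rfbClientCutText;` repeats by hand the fix applied to ke, and the patch covers only these two structs; please confirm that no other message struct in rfbproto.c is filled field by field without being cleared first. The header would also benefit from a note that the Origin commit is against LibVNC/libvncserver while this diff applies to vnc_unixsrc/vncviewer/rfbproto.c, so it is clear the change is an adaptation rather than a direct cherry-pick.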