Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 56 | magnus | 1 | Description: CVE-2018-20022 |
| 2 | multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC |
||
| 3 | client code that allows attacker to read stack memory and can be abuse for |
||
| 4 | information disclosure. Combined with another vulnerability, it can be used |
||
| 5 | to leak stack memory layout and in bypassing ASLR |
||
| 6 | --- |
||
| 7 | |||
| 8 | Author: Abhijith PA <abhijith@debian.org> |
||
| 9 | Origin: https://github.com/LibVNC/libvncserver/commit/2f5b2ad1c6c99b1ac6482c95844a84d66bb52838 |
||
| 10 | Bug: https://github.com/LibVNC/libvncserver/issues/252 |
||
| 11 | Bug-Debian: https://bugs.debian.org/916941 |
||
| 12 | Last-Update: 2018-12-23 |
||
| 13 | |||
| 14 | --- a/vnc_unixsrc/vncviewer/rfbproto.c |
||
| 15 | +++ b/vnc_unixsrc/vncviewer/rfbproto.c |
||
| 16 | @@ -2447,6 +2447,7 @@ |
||
| 17 | } |
||
| 18 | } |
||
| 19 | |||
| 20 | + memset(&ke, 0, sizeof(ke)); |
||
| 21 | ke.type = rfbKeyEvent; |
||
| 22 | ke.down = down ? 1 : 0; |
||
| 23 | ke.key = Swap32IfLE(key); |
||
| 24 | @@ -2480,6 +2481,7 @@ |
||
| 25 | return True; |
||
| 26 | } |
||
| 27 | |||
| 28 | + memset(&cct, 0, sizeof(cct)); |
||
| 29 | cct.type = rfbClientCutText; |
||
| 30 | cct.length = Swap32IfLE((unsigned int) len); |
||
| 31 | currentMsg = rfbClientCutText; |