?revision_form?Rev ?revision_input??revision_submit??revision_endform?
Blame |
Last modification |
View Log
| RSS feed
Description: CVE-2018-20024
null pointer dereference in VNC client code that can result DoS.
---
Author: Abhijith PA <abhijith@debian.org>
Origin: https://github.com/LibVNC/libvncserver/commit/4a21bbd097ef7c44bb000c3bd0907f96a10e4ce7
Bug: https://github.com/LibVNC/libvncserver/issues/254
Bug-Debian: https://bugs.debian.org/916941
Last-Update: 2018-12-23
[sunweaver] Investigate CVE-2018-20024 in ssvnc and find similar issues in zrle.c and zlib.c.
The ultra.c code that this has originally been reported against is not present in
ssvnc.
--- a/vnc_unixsrc/vncviewer/zlib.c
+++ b/vnc_unixsrc/vncviewer/zlib.c
@@ -55,6 +55,11 @@
raw_buffer_size = (( rw * rh ) * ( BPP / 8 ));
raw_buffer = (char*) malloc( raw_buffer_size );
+ if (raw_buffer == NULL) {
+
+ return False;
+
+ }
}
if (!ReadFromRFBServer((char *)&hdr, sz_rfbZlibHeader))
--- a/vnc_unixsrc/vncviewer/zrle.c
+++ b/vnc_unixsrc/vncviewer/zrle.c
@@ -132,6 +132,12 @@
raw_buffer_size = min_buffer_size;
raw_buffer = (char*) malloc( raw_buffer_size );
+ if ( raw_buffer == NULL ) {
+
+ return False;
+
+ }
+
}
if (!ReadFromRFBServer((char *)&header, sz_rfbZRLEHeader))