What is the severity of CVE-2017-7395?

CVE-2017-7395 is categorized as a vulnerability that can allow an authenticated client to crash the TigerVNC server.

How do I fix CVE-2017-7395?

To fix CVE-2017-7395, users should update TigerVNC to version 1.7.2 or later, which includes the necessary patches.

What versions of TigerVNC are affected by CVE-2017-7395?

CVE-2017-7395 affects TigerVNC version 1.7.1.

Can CVE-2017-7395 be exploited remotely?

CVE-2017-7395 requires an authenticated client, meaning exploitation can occur only from users with access to the server.

What are the consequences of CVE-2017-7395?

The main consequence of CVE-2017-7395 is a denial of service, as it allows an authenticated client to crash the TigerVNC server.

Vulnerability/
CVE-2017-7395

medium

6.5

CWE

190

1/4/2017

13/1/2018

CVE-2017-7395: Integer Overflow

First published: Sat Apr 01 2017(Updated: )

In TigerVNC (SMsgReader.cxx SMsgReader::readClientCutText), an authenticated client can crash the server by causing an integer overflow. Upstream patch: <a href="https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689">https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689</a>

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
TigerVNC	=1.7.1

Remedy

https://github.com/TigerVNC/tigervnc/pull/436

Remedy

https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-7395?
CVE-2017-7395 is categorized as a vulnerability that can allow an authenticated client to crash the TigerVNC server.
How do I fix CVE-2017-7395?
To fix CVE-2017-7395, users should update TigerVNC to version 1.7.2 or later, which includes the necessary patches.
What versions of TigerVNC are affected by CVE-2017-7395?
CVE-2017-7395 affects TigerVNC version 1.7.1.
Can CVE-2017-7395 be exploited remotely?
CVE-2017-7395 requires an authenticated client, meaning exploitation can occur only from users with access to the server.
What are the consequences of CVE-2017-7395?
The main consequence of CVE-2017-7395 is a denial of service, as it allows an authenticated client to crash the TigerVNC server.

agent/type
agent/remedy
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-7395
agent/severity
agent/references
agent/author
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/softwarecombine
vendor/tigervnc
canonical/tigervnc
version/tigervnc/1.7.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.