CVE-2017-7394

Metadata

medium
5.0
tigervnc
CVE-2017-7394
cve.mitre.org, bugs.debian.org
2017-03-31
2017-10-23 14:17
ALAS-2017-879
CVE-2017-7394 tigervnc
2017-06-16 19:22
2017-05-10 23:47
2017-04-14 10:20
2017-04-04 02:03

Description

In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Release Package Patched in
artful tigervnc None
devel tigervnc None
upstream tigervnc None
zesty tigervnc None

Unaffected

Release Package Reason
precise tigervnc DNE
precise/esm tigervnc DNE
trusty tigervnc DNE
vivid/stable-phone-overlay tigervnc DNE
vivid/ubuntu-core tigervnc DNE
xenial tigervnc DNE
yakkety tigervnc DNE