[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-5745Date: (C)2013-10-09   (M)2023-12-22


The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.1
Exploit Score: 8.6
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
SECUNIA-55090
RHSA-2013:1452
SUSE-SU-2013:1631
USN-1980-1
https://bugzilla.gnome.org/show_bug.cgi?id=641811
https://bugzilla.gnome.org/show_bug.cgi?id=707905
https://www.trustwave.com/spiderlabs/advisories/TWSL2013-028.txt

CPE    122
cpe:/a:david_king:vino:3.3.3
cpe:/o:canonical:ubuntu_linux:13.04
cpe:/a:david_king:vino:2.26.2
cpe:/a:david_king:vino:2.26.1
...
CWE    1
CWE-20
OVAL    7
oval:org.secpod.oval:def:501120
oval:org.secpod.oval:def:202955
oval:org.secpod.oval:def:202958
oval:org.secpod.oval:def:701440
...

© SecPod Technologies