|
Line
Link Here
|
|
multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC |
|
multiple weaknesses CWE-665: Improper Initialization vulnerability in VNC |
| 1 |
client code that allows attacker to read stack memory and can be abuse for |
1 |
client code that allows attacker to read stack memory and can be abuse for |
| 2 |
information disclosure. Combined with another vulnerability, it can be used |
2 |
information disclosure. Combined with another vulnerability, it can be used |
| 3 |
to leak stack memory layout and in bypassing ASLR |
3 |
to leak stack memory layout and in bypassing ASLR |
| 4 |
-- |
4 |
++ b/vnc_unixsrc/vncviewer/rfbproto.c |
| 5 |
-- a/vnc_unixsrc/vncviewer/rfbproto.c |
|
|
|
Lines 2447-2452
Link Here
|
| 2447 |
} |
2447 |
} |
| 2448 |
} |
2448 |
} |
| 2449 |
|
2449 |
|
|
|
2450 |
memset(&ke, 0, sizeof(ke)); |
| 2450 |
ke.type = rfbKeyEvent; |
2451 |
ke.type = rfbKeyEvent; |
| 2451 |
ke.down = down ? 1 : 0; |
2452 |
ke.down = down ? 1 : 0; |
| 2452 |
ke.key = Swap32IfLE(key); |
2453 |
ke.key = Swap32IfLE(key); |
|
Lines 2480-2485
Link Here
|
| 2480 |
return True; |
2481 |
return True; |
| 2481 |
} |
2482 |
} |
| 2482 |
|
2483 |
|
|
|
2484 |
memset(&cct, 0, sizeof(cct)); |
| 2483 |
cct.type = rfbClientCutText; |
2485 |
cct.type = rfbClientCutText; |
| 2484 |
cct.length = Swap32IfLE((unsigned int) len); |
2486 |
cct.length = Swap32IfLE((unsigned int) len); |
| 2485 |
currentMsg = rfbClientCutText; |
2487 |
currentMsg = rfbClientCutText; |
