LibVNCServer.Tight.File.Transfer.Extension.Use.After.Free
Description
This indicates an attack attempt to exploit a Use After Free vulnerability in LibVNCServer.
The vulnerability is due to insufficient validation when the software handles a Tight File Extension file transfer request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the VNC server via crafted packets.
Affected Products
LibVNCServer Development Team LibVNCServer prior to commit ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch available from the vendor:
https://github.com/LibVNC/libvncserver/commit/ca2a5ac02fbbadd0a21fabba779c1ea69173d10b
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |