Fluid Attacks Database

Description

The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	tigervnc	>=0 <1.7.0-1	1.7.0-1
debian 13	tigervnc	>=0 <1.7.0-1	1.7.0-1
debian 12	tigervnc	>=0 <1.7.0-1	1.7.0-1
debian 14	tigervnc	>=0 <1.7.0-1	1.7.0-1
rpm rhel6	tigervnc	<0:1.1.0-24.el6	0:1.1.0-24.el6
rpm rhel7	fltk	<0:1.3.4-1.el7	0:1.3.4-1.el7
rpm rhel7	tigervnc	<0:1.8.0-1.el7	0:1.8.0-1.el7

Aliases

1. CVE-2016-102072. NVD-2016-102073. OSV-DEBIAN-2016-102074. OSV-2016-102075. SECURITY-TRACKER-CVE-2016-10207

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.