Red Hat Customer Portal

CVE-2013-5745

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Details Source

Mitre

Public Date

2010-04-21 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-5745 vino: denial of service flaw

Bugzilla ID

910082

CVSS Status

verified

Base Score

5.00

Base Metrics

AV:N/AC:L/Au:N/C:N/I:N/A:P

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 6 (vino) | RHSA-2013:1452 | 2013-10-22 |
| Red Hat Enterprise Linux 5 (vino) | RHSA-2013:1452 | 2013-10-22 |

CWE

CWE-400

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 7 | vino | Not affected |