Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Feb 2018 14:26:02 -0800
From: Anthony Liguori <>
Subject: Re: LibVNCServer rfbserver.c: rfbProcessClientNormalMessage()
 case rfbClientCutText doesn't sanitize msg.cct.length

FWIW, QEMU had a similar issue a few years ago.  There's no shared code,
but I bet your test case would have worked there too.


Anthony Liguori

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ