CVE-2013-5745

Publication date 20 September 2013

Last updated 24 July 2024

Ubuntu priority

The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
vino	13.04 raring	Fixed 3.6.2-0ubuntu4.1
	12.10 quantal	Fixed 3.6.0-0ubuntu1.2
	12.04 LTS precise	Fixed 3.4.2-0ubuntu1.3
	10.04 LTS lucid	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
vino	Upstream: ?id=514 Upstream: ?id=860

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1980-1
Vino vulnerability
30 September 2013

Other references

http://seclists.org/fulldisclosure/2013/Sep/105
https://www.cve.org/CVERecord?id=CVE-2013-5745