VYPR
Unrated severity · NVD Advisory · Published Jun 30, 2020 · Updated Aug 5, 2024

CVE-2017-18922

Description

It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

LibVNCServer before 0.9.12 contains a heap-based buffer overflow in websockets.c due to improper WebSocket frame decoding, allowing remote attackers to overwrite function pointers.

Vulnerability

CVE-2017-18922 is a heap-based buffer overflow vulnerability in the WebSocket decoding functionality (websockets.c) of LibVNCServer prior to version 0.9.12 [2][3][4]. The bug occurs because the code does not properly decode certain WebSocket frames, leading to a buffer overflow on the heap [1][2]. Any server using the vulnerable library with WebSocket support enabled is affected [1].

Exploitation

An attacker can exploit this vulnerability by sending specially crafted WebSocket frames to a server running a vulnerable version of LibVNCServer [1][2]. No authentication is required, and the attacker only needs network access to the server's WebSocket endpoint [2]. The exploit is triggered purely through network communication, without requiring user interaction [2].

Impact

Successful exploitation allows a remote attacker to overwrite a function pointer in the server's memory [2]. This can lead to arbitrary code execution with the privileges of the LibVNCServer process, potentially resulting in full compromise of the affected system [1][2]. The vulnerability has a high severity and could also be used to cause a denial of service [1].

Mitigation

The issue was fixed upstream in commit aac95a9dcf4bbba87b76c72706c3221a842ca433 and released in LibVNCServer version 0.9.12 [2][3][4]. Distributions including Ubuntu (USN-4407-1) [1], Red Hat Enterprise Linux 7 (RHSA-2020:3281), and Red Hat Enterprise Linux 8 (RHSA-2020:3385) have released updates [2]. Users should upgrade to the patched version or apply the appropriate vendor update; affected versions that remain unpatched should be considered vulnerable [1][2].

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

26

References

13
