A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion.
In TigerVNC (SSecurityVeNCrypt.cxx, SSecurityVeNCrypt::SSecurityVeNCrypt), an unauthenticated client can cause a small memory leak in the server.
Created tigervnc tracking bugs for this issue:
Affects: fedora-all [bug 1438704]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2017:2000 https://access.redhat.com/errata/RHSA-2017:2000