libvncserver contains a heap-based buffer overflow within the websocket decoding functionality, which can be exploited by a malicious attacker to overwrite a function pointer. Patch: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
Created libvncserver tracking bugs for this issue: Affects: fedora-all [bug 1852511]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7, via RHSA-2020:3281 (https://access.redhat.com/errata/RHSA-2020:3281)
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-18922
This issue has been addressed in the following products: Red Hat Enterprise Linux 8, via RHSA-2020:3385 (https://access.redhat.com/errata/RHSA-2020:3385)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support, via RHSA-2020:3456 (https://access.redhat.com/errata/RHSA-2020:3456)
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions, via RHSA-2020:3588 (https://access.redhat.com/errata/RHSA-2020:3588)