{"id":"CVE-2016-10207","details":"The Xvnc server in TigerVNC allows remote attackers to cause a denial of service (invalid memory access and crash) by terminating a TLS handshake early.","modified":"2026-07-08T12:35:42.224958Z","published":"2017-02-28T18:59:00.170Z","related":["SUSE-SU-2017:0519-1","SUSE-SU-2017:0622-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"42.1"},{"last_affected":"42.1"},{"introduced":"42.2"},{"last_affected":"42.2"}],"cpes":["cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*"],"vendor_product":"opensuse:leap","source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2017-0630.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/02/02/22"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/96012"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2000"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201801-13"},{"type":"REPORT","url":"https://bugzilla.suse.com/show_bug.cgi?id=1023012"},{"type":"FIX","url":"http://lists.opensuse.org/opensuse-security-announce/2017-02/msg00020.html"},{"type":"FIX","url":"https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2017/02/05/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tigervnc/tigervnc","events":[{"introduced":"6f0ce588d170a530514ff4906e0f40cc71b6985d"},{"last_affected":"e25272fc74ef09987ccaa33b9bf1736397c76fdf"},{"fixed":"8aa4bc53206c2430bbf0c8f4b642f59a379ee649"}],"database_specific":{"extracted_events":[{"introduced":"0.0.90"},{"last_affected":"0.0.90"},{"introduced":"0.0.91"},{"last_affected":"0.0.91"},{"introduced":"1.0"},{"last_affected":"1.0"},{"introduced":"1.0.1"},{"last_affected":"1.0.1"},{"introduced":"1.1.0"},{"last_affected":"1.1.0"},{"introduced":"1.3"},{"last_affected":"1.3"},{"introduced":"1.3.1"},{"last_affected":"1.3.1"},{"introduced":"1.7"},{"last_affected":"1.7"}],"source":["CPE_STRING","REFERENCES"],"cpe":["cpe:2.3:a:tigervnc:tigervnc:0.0.90:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:0.0.91:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.0:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.0.1:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.1.0:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.3:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.3.1:*:*:*:*:*:*:*","cpe:2.3:a:tigervnc:tigervnc:1.7:*:*:*:*:*:*:*"]}}],"versions":["0.0.90","0.0.91","1.0","1.0.1","1.1.0","1.3","1.3.1","1.7","v1.7.0","v1.6.90","v1.1.90","v0.0.90"],"database_specific":{"vanir_signatures_modified":"2026-07-08T12:35:42Z","vanir_signatures":[{"target":{"function":"CSecurityTLS::initGlobal","file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-19611f48","deprecated":false,"signature_version":"v1","digest":{"length":112,"function_hash":"171867086992537050808562595137253451655"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"CSecurityTLS::CSecurityTLS","file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-1b379b22","deprecated":false,"signature_version":"v1","digest":{"length":189,"function_hash":"143615938699941660139493935875896267695"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"file":"common/rfb/SSecurityTLS.h"},"signature_type":"Line","id":"CVE-2016-10207-23a25e13","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["18038378363255758733124619104247325849","251789473859832987350983471159726478597","187149226009871635531125653946408732641","310098626382540940586880226780753074325"]},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Line","id":"CVE-2016-10207-3d849f54","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["47016184762402665857211013828980134991","14739059022928281629603962410197672249","208097829515035696357918195974998350609","338116531157165907600469032379701805630","37258264188890863132684076322155099040","52665784292041773367884480125743972260","147547290665143315137563678094527136411","68253324569338186983971426008193033349","244019251302256360475137847004404711823","73153392213903399666342650987166113190","537444984450678251410319115038972606","269384273939096516951544083306825059971","264021678332221031211448042614440106637","283303869134818960039189928381311889685","54225545078346727288047382855927900578","188785537941265466102941914085768974094","231609148711906973653376425934480896995","274272315895096938904869381851070518319","281753366370543222979483522174296020155","243669231770402971657285371272569472738","137750489719825901934531685332974466390","202929948661104588736386395876585378407","151801706208557417360971226436456180816","50591871270069884478366366343493057637","4168415576508965186549708327414039604","102308367761105190088601533977909938436","140948179231360278803700214089759666477","138362674026882671116716682473606388041"]},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"SSecurityTLS::SSecurityTLS","file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-3f44d24c","deprecated":false,"signature_version":"v1","digest":{"length":239,"function_hash":"117921951294049063762736889756442498675"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"CSecurityTLS::processMsg","file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-4cddd397","deprecated":false,"signature_version":"v1","digest":{"length":1185,"function_hash":"91009934028345850828962024523836544592"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"CSecurityTLS::shutdown","file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-541e8dc7","deprecated":false,"signature_version":"v1","digest":{"length":375,"function_hash":"47527870632323908057787090714443928005"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"SSecurityTLS::processMsg","file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-5ac842f3","deprecated":false,"signature_version":"v1","digest":{"length":1122,"function_hash":"110008714942387404494197341932370714899"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"CSecurityTLS::~CSecurityTLS","file":"common/rfb/CSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-6b8e434e","deprecated":false,"signature_version":"v1","digest":{"length":146,"function_hash":"143103637450376446994539111979407402166"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"SSecurityTLS::shutdown","file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-7868ced7","deprecated":false,"signature_version":"v1","digest":{"length":447,"function_hash":"328804183454485325181308051578677981116"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"file":"common/rfb/CSecurityTLS.h"},"signature_type":"Line","id":"CVE-2016-10207-8281f664","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["18384268377593114276624972311292748448","324508896151555071258731921665183098181","183648548515803175305686827365835116866","266066711548734101390444500312153530786"]},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"SSecurityTLS::~SSecurityTLS","file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-88a33fda","deprecated":false,"signature_version":"v1","digest":{"length":143,"function_hash":"278599526013551087084286747111909968480"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"function":"SSecurityTLS::initGlobal","file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Function","id":"CVE-2016-10207-c556e9b5","deprecated":false,"signature_version":"v1","digest":{"length":186,"function_hash":"178838927178404697536611136134124885315"},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"},{"target":{"file":"common/rfb/SSecurityTLS.cxx"},"signature_type":"Line","id":"CVE-2016-10207-d695b93c","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["193366379201603514282967251791993757511","162449171171199331837689809403399138281","105694737345544347405731606953014521492","141592114001221053304789259914304269634","320035609919290039387174728535728075335","42402890074968989902183544643906054382","277190617946176371650077840996346359009","75477022446268391367044340044873005902","96735996688712332269542259469881590003","249915921519708121806658719044725650344","244015502702182887407727905749731780371","207730539695194737891978326304900769682","42608522899225028876781122031175164511","225341055472229949499622099938992518614","203053296191004842925884098470326697210","161731140184750727894245822418978686615","115818982889238420764950013804723890382","322499732133479933428818386095300957194","231609148711906973653376425934480896995","274272315895096938904869381851070518319","281753366370543222979483522174296020155","98083892520746183583372896168608846671","332543445791733147059889352361899803056","289232855498334505422957878127380518575","147655543382129523822566660997759854188","295691885390649557064153052314859365691","78143404245315234934020045265503468514","201023837592470264050101834780845905847","80003818200454989915250678776661792402","287763079786402743856649510257450450595"]},"source":"https://github.com/tigervnc/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10207.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}