CVE-2019-15678
29.10.2019, 19:15
TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tightvnc | tightvnc | 1.3.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| bochs |
| ||||||||||||||||||||||||||||
| directvnc |
| ||||||||||||||||||||||||||||
| libvncserver |
| ||||||||||||||||||||||||||||
| ssvnc |
| ||||||||||||||||||||||||||||
| tightvnc |
| ||||||||||||||||||||||||||||
| veyon |
| ||||||||||||||||||||||||||||
| vino |
| ||||||||||||||||||||||||||||
| vlc |
| ||||||||||||||||||||||||||||
| vncsnapshot |
| ||||||||||||||||||||||||||||
| x11vnc |
| ||||||||||||||||||||||||||||
| x2vnc |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References