CVE-2019-8263
05.03.2019, 15:29
UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.Enginsight
| Vendor | Product | Version |
|---|---|---|
| uvnc | ultravnc | 𝑥 < 1.2.2.3 |
| siemens | sinumerik_access_mymachine\/p2p | 𝑥 < 4.8 |
| siemens | sinumerik_pcu_base_win10_software\/ipc | 𝑥 < 14.00 |
| siemens | sinumerik_pcu_base_win7_software\/ipc | 𝑥 ≤ 12.01 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References