Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15690

Опубликовано: 20 дек. 2019
Источник: redhat
CVSS3: 9.8
EPSS Низкий

Описание

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.

A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Меры по смягчению последствий

Libvncserver should not be used to connect to untrusted server.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libvncserverOut of support scope
Red Hat Enterprise Linux 7libvncserverFixedRHSA-2020:091323.03.2020
Red Hat Enterprise Linux 8libvncserverFixedRHSA-2020:092023.03.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP SolutionslibvncserverFixedRHSA-2020:092123.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1811948libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow

EPSS

Процентиль: 82%
0.01662
Низкий

9.8 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15690

CVSS3: 8.8
ubuntu
около 1 года назад

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.

nvd логотип

CVE-2019-15690

CVSS3: 8.8
nvd
около 1 года назад

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.

debian логотип

CVE-2019-15690

CVSS3: 8.8
debian
около 1 года назад

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow ...

github логотип

GHSA-rx9w-c6jv-2grg

CVSS3: 8.8
github
около 1 года назад

LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.

oracle-oval логотип

ELSA-2020-0920

oracle-oval
почти 6 лет назад

ELSA-2020-0920: libvncserver security update (IMPORTANT)

EPSS

Процентиль: 82%
0.01662
Низкий

9.8 Critical

CVSS3