Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15691

Опубликовано: 20 дек. 2019
Источник: redhat
CVSS3: 7.2
EPSS Низкий

Описание

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6tigervncOut of support scope
Red Hat Enterprise Linux 7tigervncFixedRHSA-2020:387529.09.2020
Red Hat Enterprise Linux 8tigervncFixedRHSA-2020:149716.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-672
https://bugzilla.redhat.com/show_bug.cgi?id=1789908tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder

EPSS

Процентиль: 88%
0.03872
Низкий

7.2 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15691

CVSS3: 7.2
ubuntu
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

nvd логотип

CVE-2019-15691

CVSS3: 7.2
nvd
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

debian логотип

CVE-2019-15691

CVSS3: 7.2
debian
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-retu ...

github логотип

GHSA-vmc8-ggh9-8p8j

CVSS3: 7.2
github
больше 3 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

fstec логотип

BDU:2021-01414

CVSS3: 7.2
fstec
около 6 лет назад

Уязвимость декодера ZRLEDecoder программного обеспечения VNC TigerVNC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 88%
0.03872
Низкий

7.2 High

CVSS3