Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-15695

Опубликовано: 20 дек. 2019
Источник: redhat
CVSS3: 7.2
EPSS Низкий

Описание

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6tigervncOut of support scope
Red Hat Enterprise Linux 7tigervncFixedRHSA-2020:387529.09.2020
Red Hat Enterprise Linux 8tigervncFixedRHSA-2020:149716.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1790318tigervnc: Stack buffer overflow in CMsgReader::readSetCursor

EPSS

Процентиль: 87%
0.03424
Низкий

7.2 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-15695

CVSS3: 7.2
ubuntu
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

nvd логотип

CVE-2019-15695

CVSS3: 7.2
nvd
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

debian логотип

CVE-2019-15695

CVSS3: 7.2
debian
около 6 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflo ...

github логотип

GHSA-25ff-c5j2-v9ch

github
больше 3 лет назад

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

fstec логотип

BDU:2021-01411

CVSS3: 7.2
fstec
около 6 лет назад

Уязвимость функции CMsgReader::readSetCursor программного обеспечения VNC TigerVNC, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 87%
0.03424
Низкий

7.2 High

CVSS3