CVE-2008-5001 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ultravnc

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

9.3CRITICALNVD

EPSS

5.5%

top 9.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ultravnc

Timeline

PublishedNov 10

Latest updateMay 17

Description

Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified parameters, a different issue than CVE-2008-0610.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDultravnc/ultravnc1.0.2, 1.0.4+1

🔴Vulnerability Details

GHSA

GHSA-fggx-77cq-hgm9: Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer↗2022-05-17

▶

🕵️Threat Intelligence

Wiz

CVE-2026-3787 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-4962 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

💬Community

Bugzilla

CVE-2007-5001 kernel asynchronous IO on a FIFO kernel panic↗2007-10-10

▶