CVE-2018-15361 — Buffer Underflow in Ultravnc

CWE-124 — Buffer Underflow CWE-787 — Out-of-bounds Write3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

1.3%

top 20.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uvnc Ultravnc Ultravnc

Timeline

PublishedMar 5

Latest updateMay 13

Description

UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDuvnc/ultravnc< 1.2.2.3

▶CVEListV5ultravnc/ultravnc1.2.2.3

🔴Vulnerability Details

GHSA

GHSA-5g7c-7pq7-39h8: UltraVNC revision 1198 has a buffer underflow vulnerability in VNC client code, which can potentially result in code execution↗2022-05-13

▶

📋Vendor Advisories

CISA ICS

Siemens SINUMERIK↗2020-06-12

▶