CVE-2019-15679 — Heap-based Buffer Overflow in Tightvnc

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tightvnc Debian Tightvnc Kaspersky Tightvnc

Timeline

PublishedOct 29

Latest updateMay 24

Description

TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/tightvnc< tightvnc 1:1.3.9-9.1 (bookworm)

▶Debiantightvnc/tightvnc< 1:1.3.9-9.1+3

▶NVDtightvnc/tightvnc1.3.10

▶CVEListV5kaspersky/tightvnc1.3.10

🔴Vulnerability Details

GHSA

GHSA-w238-gwcm-c55r: TightVNC code version 1↗2022-05-24

▶

OSV

CVE-2019-15679: TightVNC code version 1↗2019-10-29

▶

📋Vendor Advisories

CISA ICS

Siemens Products using TightVNC (Update A)↗2020-12-08

▶

Debian

CVE-2019-15679: tightvnc - TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConne...↗2019

▶