CVE-2019-15679
Published 2019-10-29
Priority P357 · critical · 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 12.80% (95.8th percentile)
TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tightvnc | < tightvnc 1:1.3.9-9.1 (bookworm) | tightvnc 1:1.3.9-9.1 (bookworm) |
| kaspersky | tightvnc | — | — |
| tightvnc | tightvnc | — | — |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
CVSS provenance
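| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 9.8 | CRITICAL | |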
GHSA
GHSA-w238-gwcm-c55r: TightVNC code version 1
ghsa_unreviewed·2022-05-24
CVE-2019-15679 [HIGH] CWE-787 GHSA-w238-gwcm-c55r: TightVNC code version 1
OSV
CVE-2019-15679: TightVNC code version 1
osv·2019-10-29·CVSS 9.8
CVE-2019-15679 [CRITICAL] CVE-2019-15679: TightVNC code version 1
CISA ICS
Siemens Products using TightVNC (Update A)
cisa_ics·2020-12-08
Last Revised: May 11, 2021
Alert Code: ICSA-20-343-08
## 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 5 ---------
This advisory was previously released with a set of Siemens products considered to be affected. Following further investigation by the Siemens’ team, it was determined all products previously advised are not affected by any vulnerability listed in this advisory or Siemens Security Advisory SSA-478893
- Vendor: Siemens
- Equipment: SIMATIC ITC Industrial Thin Clients, SIMATIC WinCC Runtime Advanced/Professional, SIM
Debian
CVE-2019-15679: tightvnc - TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConne...
vendor_debian·2019·CVSS 9.8
CVE-2019-15679 [CRITICAL] CVE-2019-15679: tightvnc - TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConne...
Scope: local
bookworm: resolved (fixed in 1:1.3.9-9.1)
bullseye: resolved (fixed in 1:1.3.9-9.1)
forky: resolved (fixed in 1:1.3.9-9.1)
sid: resolved (fixed in 1:1.3.9-9.1)
trixie: resolved (fixed in 1:1.3.9-9.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
- https://www.openwall.com/lists/oss-security/2018/12/10/5
Published: 2019-10-29