CVE-2019-8263Stack-based Buffer Overflow in Ultravnc

CWE-121Stack-based Buffer OverflowCWE-787Out-of-bounds Write5 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.8%
top 25.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Siemens Sinumerik Access Mymachine P2PSiemens Sinumerik PCU Base Win10 Software IPCUvnc Ultravnc+2 more
Timeline
PublishedMar 5
Latest updateMay 13

Description

UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDuvnc/ultravnc< 1.2.2.3
CVEListV5kaspersky_lab/ultravnc1.2.2.3

🔴Vulnerability Details

1
GHSA
GHSA-3ccg-xj7w-w764: UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of servic2022-05-13

📋Vendor Advisories

3
CISA ICS
Siemens SIMATIC UltraVNC HMI WinCC Products2021-05-11
CISA ICS
Siemens SINAMICS Medium Voltage Products Remote Access (Update B)2021-05-11
CISA ICS
Siemens SINUMERIK2020-06-12