CVE-2019-8265Access of Memory Location After End of Buffer in Ultravnc

CWE-788Access of Memory Location After End of BufferCWE-125Out-of-bounds ReadCWE-787Out-of-bounds Write5 documents3 sources
Severity
9.8CRITICALNVD
EPSS
1.6%
top 18.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Uvnc UltravncKaspersky LAB Ultravnc
Timeline
PublishedMar 8
Latest updateMay 13

Description

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDuvnc/ultravnc< 1.2.2.3
CVEListV5kaspersky_lab/ultravnc1.2.2.3

🔴Vulnerability Details

1
GHSA
GHSA-96hw-425v-fcg3: UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which ca2022-05-13

📋Vendor Advisories

3
CISA ICS
Siemens SIMATIC UltraVNC HMI WinCC Products2021-05-11
CISA ICS
Siemens SINAMICS Medium Voltage Products Remote Access (Update B)2021-05-11
CISA ICS
Siemens SINUMERIK2020-06-12