CVE-2019-8270 — Out-of-bounds Read in Ultravnc

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uvnc Ultravnc Kaspersky LAB Ultravnc

Timeline

PublishedMar 8

Latest updateMay 13

Description

UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDuvnc/ultravnc< 1.2.2.3

▶CVEListV5kaspersky_lab/ultravnc1.2.2.3

🔴Vulnerability Details

GHSA

GHSA-f4q5-97fh-j49q: UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condit↗2022-05-13

▶

📋Vendor Advisories

CISA ICS

Siemens SINUMERIK↗2020-06-12

▶