CVE-2019-8287
published 2019-10-29CVE-2019-8287: TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear…
PriorityP261critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
19.46%
97.0th percentile
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tightvnc | < tightvnc 1:1.3.9-9.1 (bookworm) | tightvnc 1:1.3.9-9.1 (bookworm) |
| kaspersky | tightvnc | — | — |
| tightvnc | tightvnc | — | — |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
| tightvnc | tightvnc | >= 0 < 1:1.3.9-9.1 | 1:1.3.9-9.1 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2019-8287 is a global buffer overflow in the HandleCoRREBBP macro function in TightVNC 1.3.10, exploitable via network connectivity and potentially resulting in code execution. ↗
- →Target the HandleCoRREBBP macro function in TightVNC v1.x client code as the vulnerable code path for this overflow; network-delivered RFB/VNC protocol messages triggering CoRRE encoding handling are the attack vector. ↗
- →CVSS v3 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) — unauthenticated, network-exploitable, no user interaction required; prioritize detection at the network perimeter for VNC traffic. ↗
- ·Debian fixed this vulnerability in package version 1:1.3.9-9.1 across bookworm, bullseye, forky, sid, and trixie; note the fixed package version is 1.3.9-9.1 (a patched 1.3.9 package), not 1.3.10. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Products using TightVNC (Update A)
cisa_ics·2020-12-08
Siemens Products using TightVNC (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens Products using TightVNC (Update A)
Last RevisedMay 11, 2021
Alert CodeICSA-20-343-08
## 1. EXECUTIVE SUMMARY
--------- Begin Update A Part 1 of 5 ---------
This advisory was previously released with a set of Siemens products considered to be affected. Following further investigation by the Siemens’ team, it was determined all products previously advised are not affected by any vulnerability listed in this advisory or Siemens Security Advisory SSA-478893
- Vendor: Siemens
- Equipment: SIMATIC ITC Industrial Thin Clients, SIMATIC WinCC Runtime Advanced/Professional, SIM
Debian
CVE-2019-8287: tightvnc - TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP m...
vendor_debian·2019·CVSS 9.8
CVE-2019-8287 [CRITICAL] CVE-2019-8287: tightvnc - TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP m...
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
Scope: local
bookworm: resolved (fixed in 1:1.3.9-9.1)
bullseye: resolved (fixed in 1:1.3.9-9.1)
forky: resolved (fixed in 1:1.3.9-9.1)
sid: resolved (fixed in 1:1.3.9-9.1)
trixie: resolved (fixed in 1:1.3.9-9.1)
GHSA
GHSA-frvw-vf5g-vxwg: TightVNC code version 1
ghsa_unreviewed·2022-05-24
CVE-2019-8287 [CRITICAL] CWE-120 GHSA-frvw-vf5g-vxwg: TightVNC code version 1
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
OSV
CVE-2019-8287: TightVNC code version 1
osv·2019-10-29·CVSS 9.8
CVE-2019-8287 [CRITICAL] CVE-2019-8287: TightVNC code version 1
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdfhttps://lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-20-343-08https://www.openwall.com/lists/oss-security/2018/12/10/5https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdfhttps://lists.debian.org/debian-lts-announce/2019/12/msg00028.htmlhttps://us-cert.cisa.gov/ics/advisories/icsa-20-343-08https://www.openwall.com/lists/oss-security/2018/12/10/5
2019-10-29
Published