CVE-2020-37132 — Stack-based Buffer Overflow in Ultravnc

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 99.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uvnc Ultravnc Ultravnc Team Ultravnc Launcher

Timeline

PublishedFeb 5

Description

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long 300-character string into the password field to trigger an application crash and prevent normal launcher functionality.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5ultravnc_team/ultravnc_launcher1.2.4.0

▶NVDuvnc/ultravnc1.2.4.0

🔴Vulnerability Details

GHSA

GHSA-755p-gj8q-88j5: UltraVNC Launcher 1↗2026-02-05

▶