CVE-2020-37133 — Stack-based Buffer Overflow in Ultravnc

CWE-121 — Stack-based Buffer Overflow CWE-787 — Out-of-bounds Write2 documents2 sources

Severity

6.7MEDIUMNVD

EPSS

0.0%

top 96.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uvnc Ultravnc Ultravnc Team Ultravnc Launcher

Timeline

PublishedFeb 5

Description

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5ultravnc_team/ultravnc_launcher1.2.4.0

▶NVDuvnc/ultravnc1.2.4.0

🔴Vulnerability Details

GHSA

GHSA-xxc7-rq23-x492: UltraVNC Launcher 1↗2026-02-05

▶