Unrated severityNVD Advisory· Published Mar 5, 2019· Updated Sep 16, 2024

CVE-2019-8259

Description

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

Affected products

Ultravnc/Ultravncv5
Range: 1.2.2.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert-portal.siemens.com/productcert/pdf/ssa-286838.pdfmitrex_refsource_CONFIRM
cert-portal.siemens.com/productcert/pdf/ssa-927095.pdfmitrex_refsource_CONFIRM
cert-portal.siemens.com/productcert/pdf/ssa-940818.pdfmitrex_refsource_CONFIRM
ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/mitrex_refsource_MISC
us-cert.cisa.gov/ics/advisories/icsa-21-131-11mitrex_refsource_MISC
www.us-cert.gov/ics/advisories/icsa-20-161-06mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000