← Zuruck zu CVEs
CVE-2019-8287
CRITICAL9.8
Beschreibung
TightVNC code version 1.3.10 contains global buffer overflow in HandleCoRREBBP macro function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht10/29/2019
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
tightvnc:tightvnc
Schwachen (CWE)
CWE-120CWE-120
Referenzen
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf(vulnerability@kaspersky.com)
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html(vulnerability@kaspersky.com)
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08(vulnerability@kaspersky.com)
https://www.openwall.com/lists/oss-security/2018/12/10/5(vulnerability@kaspersky.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html(af854a3a-2127-422b-91ae-364da2661108)
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2018/12/10/5(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.