← Voltar para CVEs
CVE-2019-15695
HIGH7.2
Descricao
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.
Detalhes CVE
Pontuacao CVSS v3.17.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosHIGH
Interacao do usuarioNONE
Publicado12/26/2019
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
opensuse:leaptigervnc:tigervnc
Fraquezas (CWE)
CWE-121CWE-754CWE-787
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html(vulnerability@kaspersky.com)
https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89(vulnerability@kaspersky.com)
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1(vulnerability@kaspersky.com)
https://www.openwall.com/lists/oss-security/2019/12/20/2(vulnerability@kaspersky.com)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2019/12/20/2(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.