ID CVE-2019-15680
Summary TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
References
Vulnerable Configurations
  • cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:tightvnc:tightvnc:1.3.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-12-2020 - 17:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
misc https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
mlist
  • [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update
  • [oss-security] 20181210 libvnc and tightvnc vulnerabilities
ubuntu USN-4407-1
Last major update 09-12-2020 - 17:15
Published 29-10-2019 - 19:15
Last modified 09-12-2020 - 17:15
Back to Top