Vulnerability Details CVE-2019-15679
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.128
EPSS Ranking 95.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
- https://www.openwall.com/lists/oss-security/2018/12/10/5
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
- https://www.openwall.com/lists/oss-security/2018/12/10/5