Vulnerability Details CVE-2019-15680
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 84.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
- https://usn.ubuntu.com/4407-1/
- https://www.openwall.com/lists/oss-security/2018/12/10/5
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
- https://usn.ubuntu.com/4407-1/
- https://www.openwall.com/lists/oss-security/2018/12/10/5