Required CVE Record Information
Description
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
References 4 Total
- openwall.com: [oss-security] 20181210 libvnc and tightvnc vulnerabilities mailing-list
- lists.debian.org: [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update mailing-list
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- openwall.com: [oss-security] 20181210 libvnc and tightvnc vulnerabilities mailing-listx_transferred
- lists.debian.org: [debian-lts-announce] 20191221 [SECURITY] [DLA 2045-1] tightvnc security update mailing-listx_transferred
- https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf x_transferred
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08 x_transferred