Main Vulnerability Database Vulnerabilities #VU22958

#VU22958 Stack-based buffer overflow in TurboVNC - CVE-2019-15683

Published: November 25, 2019

Vulnerability identifier: #VU22958

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-15683

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
TurboVNC

Software vendor:
TurboVNC

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when stack frame is not protected with stack canary. A remote authenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/

#VU22958 Stack-based buffer overflow in TurboVNC - CVE-2019-15683

Description

Remediation

External links

Please verify you're human