CVE-2019-15681

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-15681

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15681.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-15681

Related

Published

2019-10-29T19:15:18Z

Modified

2024-09-18T03:02:56.374880Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.

References

Affected packages

Alpine:v3.10 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r3

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

0.9.11-r2

Alpine:v3.11 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12-r1

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

0.9.11-r2

0.9.12-r0

Alpine:v3.7 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r3

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

0.9.11-r2

Alpine:v3.8 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r3

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

0.9.11-r2

Alpine:v3.9 / libvncserver

Package

Name: libvncserver
Purl: pkg:apk/alpine/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.11-r3

Affected versions

0.*

0.9.10-r0

0.9.10-r1

0.9.11-r0

0.9.11-r1

0.9.11-r2

Debian:11 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12+dfsg-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12+dfsg-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / libvncserver

Package

Name: libvncserver
Purl: pkg:deb/debian/libvncserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12+dfsg-3

Ecosystem specific

{
    "urgency": "low"
}

Debian:11 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tightvnc

Package

Name: tightvnc
Purl: pkg:deb/debian/tightvnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.3.9-9.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / vino

Package

Name: vino
Purl: pkg:deb/debian/vino?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.22.0-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libvnc/libvncserver

Affected ranges

Type: GIT
Repo: https://github.com/libvnc/libvncserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a

Affected versions

LibVNCServer-0.*

LibVNCServer-0.9.10

LibVNCServer-0.9.11

LibVNCServer-0.9.12

LibVNCServer-0.9.8

LibVNCServer-0.9.9

Other

X11VNC_0_9_10

X11VNC_0_9_11

X11VNC_0_9_12

X11VNC_0_9_7

X11VNC_0_9_8

X11VNC_0_9_9

X11VNC_REL_0_9_4

X11VNC_REL_0_9_5

X11VNC_REL_0_9_6