CVE-2019-15683

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15683
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15683.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15683
Published
2019-10-29T19:15:18.203Z
Modified
2026-04-11T09:39:41.311612Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e.

References

Affected packages

Git / github.com/turbovnc/turbovnc

Affected ranges

Type
GIT
Repo
https://github.com/turbovnc/turbovnc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f88a93f3c7f3d6ec021cc72ca555a38abc7ece27
Fixed
cea98166008301e614e0d36776bf9435a536136e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.3"
        }
    ]
}

Affected versions

0.*
0.1
0.1.1
0.2
0.3
0.3.1
0.3.2
0.3.3
0.4
0.4rc
0.5
0.5.1
0.6
1.*
1.2beta1
1.2rc
2.*
2.0
2.0beta1
2.1beta1
2.1beta2
2.2
2.2.1
2.2.2
2.2beta1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15683.json"
vanir_signatures_modified 
"2026-04-11T09:39:41Z"
vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321098399789155278590542701630116660094",
                "110376766337521774669760174289764065218",
                "29943525514521416460134996161376102012"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-15683-161c9cca",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfb.h"
        }
    },
    {
        "digest": {
            "length": 3385.0,
            "function_hash": "124093702064637247985997974000778284450"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-15683-1bb462da",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "function": "rfbssl_init",
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"
        }
    },
    {
        "digest": {
            "length": 25979.0,
            "function_hash": "99271857532757596267321357888603221195"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-15683-24c58f43",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e",
        "target": {
            "function": "rfbProcessClientNormalMessage",
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbserver.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "265003661163566263714160541889058204290",
                "110152760130718846248264947725553557992",
                "60859869488290060558906065003251781066",
                "197695474684020073892606425542045749961",
                "9983997437350112634538986533950200626",
                "311411184151679867922956381856018821792",
                "224985538926594046807048576218174592759",
                "175326573742934444244436112266509750132",
                "222310768965214786215076141894050306431",
                "224995232092616580444066769940736230983",
                "97797248543421430235510950784605645362",
                "5672524493887160368240013235369971190",
                "309947611467982562949985479753100556156",
                "25643106407747932759913736179541476966",
                "216120263004806286321996912641384625082",
                "216888251750555450420868774345021040680",
                "272712874815553467796043632950455201614",
                "78724870261082409069240692608029645165",
                "304911798645826102052970361021991392746",
                "221691736213728418693491988391374516301",
                "137499025179910016279737263342698334665",
                "317540050298496451322109536503427972895",
                "80489021243432864928812582683232641973",
                "287493132380746325791222900822286756831",
                "2510659204489365338308118388180534504",
                "276294010459022548303265022494152534473",
                "331789644456914959790960336592507804527",
                "320497737263782583098103033214164342974",
                "308536509360040966016316144118200160348"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-15683-3d1b3840",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "144847464092728159876852341558122396266",
                "275910173042093505059805613431457897072",
                "325022088478188838774782686500669106764",
                "295066054747351720914231462704907938967",
                "81492627191711681821020788719831016087",
                "267545424032642261688812938415232287375",
                "335155389294888900475291758558234590402"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-15683-4c3d8eab",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_gnutls.c"
        }
    },
    {
        "digest": {
            "length": 2925.0,
            "function_hash": "53100650456952740756550190752900025657"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-15683-4dd17d53",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "function": "loadFunctions",
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"
        }
    },
    {
        "digest": {
            "length": 274.0,
            "function_hash": "252046010153634044181616880237114927099"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-15683-519a4567",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e",
        "target": {
            "function": "rfbOptPamAuth",
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/auth.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "84989811668681235090654368324166371359",
                "225340399570493989462751207585890862200",
                "149772819929820407629987575473578201407",
                "132530169444806169117064799156249083832",
                "163740370135212854819989345150057617624",
                "38316136736773991526668306957313468086",
                "245053446811325642935502166683140978081",
                "55468130680685345889772970651641312907",
                "98076062974239266064179367437695347517"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-15683-682fe39b",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e",
        "target": {
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbserver.c"
        }
    },
    {
        "digest": {
            "length": 3284.0,
            "function_hash": "37949381899973980918537888347021734218"
        },
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2019-15683-b5526649",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27",
        "target": {
            "function": "rfbssl_init",
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_gnutls.c"
        }
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "56383548371990220998746184757576774335",
                "5540945459748890729259231525063793789",
                "235335385123716383698294936850212306597",
                "51799300084955834327334211278794448441"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2019-15683-d30e5de5",
        "signature_version": "v1",
        "source": "https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e",
        "target": {
            "file": "unix/Xvnc/programs/Xserver/hw/vnc/auth.c"
        }
    }
]