CVE-2019-15678

CRITICAL

Tightvnc - Out-of-Bounds Write

Title source: rule

Description

TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity.

References (4)

Core 4

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://www.openwall.com/lists/oss-security/2018/12/10/5

Mailing List mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html

Vendor Advisory x_refsource_confirm

https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf

Third Party Advisory, US Government Resource x_refsource_misc

https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08

Scores

CVSS v3 9.8

EPSS 0.0263

EPSS Percentile 85.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-122 CWE-787

Status published

Products (1)

tightvnc/tightvnc 1.3.10

Published Oct 29, 2019

Tracked Since Feb 18, 2026