CVE-2019-8269
HIGHUltraVNC < 1.2.2.3 - Denial of Service via FileTransfer Module Buffer Overflow
Title source: llmDescription
UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Scores
CVSS v3
7.5
EPSS
0.0073
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-121
CWE-787
Status
published
Products (4)
siemens/sinumerik_access_mymachine\/p2p
< 4.8
siemens/sinumerik_pcu_base_win10_software\/ipc
< 14.00
siemens/sinumerik_pcu_base_win7_software\/ipc
< 12.01
uvnc/ultravnc
< 1.2.2.3
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026