Description
UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-017-ultravnc-out-of-bounds-read/
Vendor Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
Various Sources x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-20-161-06
Scores
CVSS v3
7.5
EPSS
0.0038
EPSS Percentile
59.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (1)
uvnc/ultravnc
< 1.2.2.3
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026