Vulnerabilities > CVE-2019-8259 - Memory Leak vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 | |
Application | 4 |
Common Weakness Enumeration (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf
- https://www.us-cert.gov/ics/advisories/icsa-20-161-06
- https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11
- https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/
- https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf