CVE-2019-8261
Summary
| CVE | CVE-2019-8261 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-05 15:29:00 UTC |
| Updated | 2021-06-28 12:15:00 UTC |
| Description | UltraVNC revision 1199 has a out-of-bounds read vulnerability in VNC code inside client CoRRE decoder, caused by multiplication overflow. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1200. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| KLCERT-19-007: UltraVNC Out-of-bound Read | Kaspersky ICS CERT | MISC | ics-cert.kaspersky.com | Third Party Advisory |
| cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf | CONFIRM | cert-portal.siemens.com | |
| Siemens SIMATIC UltraVNC HMI WinCC Products | CISA | MISC | us-cert.cisa.gov | |
| Siemens SINUMERIK | CISA | MISC | www.us-cert.gov | |
| cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf | CONFIRM | cert-portal.siemens.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf | CONFIRM | cert-portal.siemens.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.