PT-2019-5419 · Libvncserver Team+5 · Libvncserver+5

Pavel Cheremushkin

·

Publicado

2019-08-30

·

Atualizado

2024-06-15

·

CVE-2019-15681

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
Description The issue is related to a memory leak in the VNC server code, which can be exploited by an attacker to read stack memory and disclose information. This can be combined with another vulnerability to bypass ASLR. The attack is exploitable via network connectivity.
Recommendations For versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, update to a version that includes the fix from commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

Correção

Improper Initialization

Missing Release of Resource after Effective Lifetime

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-665CWE-772

Identificadores relacionados

ALT-PU-2019-2585
ALT-PU-2019-2662
ALT-PU-2021-1040
BDU:2020-02922
CVE-2019-15681
DLA-1977-1
DLA-1979-1
DLA-2014-1
DLA-2045-1
MGASA-2019-0368
MGASA-2020-0242
MGASA-2020-0435
OPENSUSE-SU-2020:0624-1
OPENSUSE-SU-2020:1071-1
OPENSUSE-SU-2020_0624-1
OPENSUSE-SU-2020_1071-1
OPENSUSE-SU-2024:10598-1
OPENSUSE-SU-2024:11498-1
SUSE-SU-2020:0955-1
SUSE-SU-2020:1164-1
SUSE-SU-2020:1164-2
SUSE-SU-2020:1165-1
SUSE-SU-2020:14355-1
SUSE-SU-2020:2009-1
SUSE-SU-2020_0955-1
SUSE-SU-2020_1164-1
SUSE-SU-2020_1164-2
SUSE-SU-2020_1165-1
SUSE-SU-2020_14355-1
SUSE-SU-2020_2009-1
USN-4407-1
USN-4547-1
USN-4573-1
USN-4587-1

Produtos afetados

Alt Linux
Astra Linux
Libvncserver
Linuxmint
Suse
Ubuntu