PT-2019-5419 · Libvncserver Team+5 · Libvncserver+5

Pavel Cheremushkin

·

Published

2019-08-30

·

Updated

2024-06-15

·

CVE-2019-15681

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions LibVNCServer versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
Description The issue is related to a memory leak in the VNC server code, which can be exploited by an attacker to read stack memory and disclose information. This can be combined with another vulnerability to bypass ASLR. The attack is exploitable via network connectivity.
Recommendations For versions prior to commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a, update to a version that includes the fix from commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a to resolve the issue. As a temporary workaround, consider restricting network connectivity to minimize the risk of exploitation.

Fix

Improper Initialization

Missing Release of Resource after Effective Lifetime

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-665CWE-772

Related Identifiers

ALT-PU-2019-2585
ALT-PU-2019-2662
ALT-PU-2021-1040
BDU:2020-02922
CVE-2019-15681
DLA-1977-1
DLA-1979-1
DLA-2014-1
DLA-2045-1
MGASA-2019-0368
MGASA-2020-0242
MGASA-2020-0435
OPENSUSE-SU-2020:0624-1
OPENSUSE-SU-2020:1071-1
OPENSUSE-SU-2020_0624-1
OPENSUSE-SU-2020_1071-1
OPENSUSE-SU-2024:10598-1
OPENSUSE-SU-2024:11498-1
SUSE-SU-2020:0955-1
SUSE-SU-2020:1164-1
SUSE-SU-2020:1164-2
SUSE-SU-2020:1165-1
SUSE-SU-2020:14355-1
SUSE-SU-2020:2009-1
SUSE-SU-2020_0955-1
SUSE-SU-2020_1164-1
SUSE-SU-2020_1164-2
SUSE-SU-2020_1165-1
SUSE-SU-2020_14355-1
SUSE-SU-2020_2009-1
USN-4407-1
USN-4547-1
USN-4573-1
USN-4587-1

Affected Products

Alt Linux
Astra Linux
Libvncserver
Linuxmint
Suse
Ubuntu