Ultravnc
CVE-2019-8270
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.
AnalysisAI
UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. Affected products include: Uvnc Ultravnc.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow
UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Servi
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allow
UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially re
UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, w
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler,
UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which c
UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of Clien
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnecti
UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macr
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today