Skip to main content

Ultravnc CVE-2019-8270

HIGH
Out-of-bounds Read (CWE-125)
2019-03-08 vulnerability@kaspersky.com
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 08, 2019 - 23:29 nvd
HIGH 7.5

DescriptionNVD

UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211.

AnalysisAI

UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211. Affected products include: Uvnc Ultravnc.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2020-37133 HIGH POC
7.5 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allow

CVE-2026-4962 MEDIUM POC
6.4 Mar 27

UltraVNC versions up to 1.6.4.0 suffer from an uncontrolled search path vulnerability in version.dll loaded by the Servi

CVE-2020-37132 MEDIUM POC
6.2 Feb 05

UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allow

CVE-2019-8280 CRITICAL
9.8 Mar 08

UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially re

CVE-2019-8275 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of

CVE-2019-8274 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, w

CVE-2019-8273 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler,

CVE-2019-8272 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code

CVE-2019-8271 CRITICAL
9.8 Mar 08

UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which c

CVE-2019-8268 CRITICAL
9.8 Mar 08

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of Clien

CVE-2019-8266 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnecti

CVE-2019-8265 CRITICAL
9.8 Mar 08

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macr

Share

CVE-2019-8270 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy