CVE-2019-15691

MEDIUM

Description

TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html

https://github.com/CendioOssman/tigervnc/commit/d61a767d6842b530ffb532ddd5a3d233119aad40

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

https://www.openwall.com/lists/oss-security/2019/12/20/2

Details

Source: MITRE

Published: 2019-12-26

Updated: 2020-01-21

Type: CWE-672

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:tigervnc:tigervnc:*:*:*:*:*:*:*:*

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
147375NewStart CGSL CORE 5.04 / MAIN 5.04 : tigervnc Multiple Vulnerabilities (NS-SA-2021-0035)NessusNewStart CGSL Local Security Checks
medium
146755EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369)NessusHuawei Local Security Checks
medium
146169EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2021-1237)NessusHuawei Local Security Checks
medium
146003CentOS 8 : tigervnc (CESA-2020:1497)NessusCentOS Local Security Checks
medium
145143EulerOS 2.0 SP3 : tigervnc (EulerOS-SA-2021-1127)NessusHuawei Local Security Checks
medium
144989Amazon Linux AMI : tigervnc (ALAS-2021-1470)NessusAmazon Linux Local Security Checks
medium
144468Amazon Linux AMI : tigervnc (ALAS-2020-1470) (deprecated)NessusAmazon Linux Local Security Checks
medium
141997Amazon Linux 2 : tigervnc (ALAS-2020-1552)NessusAmazon Linux Local Security Checks
medium
141653Scientific Linux Security Update : tigervnc on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
medium
141600CentOS 7 : tigervnc (CESA-2020:3875)NessusCentOS Local Security Checks
medium
141215Oracle Linux 7 : tigervnc (ELSA-2020-3875)NessusOracle Linux Local Security Checks
medium
141028RHEL 7 : tigervnc (RHSA-2020:3875)NessusRed Hat Local Security Checks
medium
139988EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2020-1885)NessusHuawei Local Security Checks
medium
138772NewStart CGSL MAIN 6.01 : tigervnc Multiple Vulnerabilities (NS-SA-2020-0032)NessusNewStart CGSL Local Security Checks
medium
138296SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:1749-1)NessusSuSE Local Security Checks
medium
135876RHEL 8 : tigervnc (RHSA-2020:1497)NessusRed Hat Local Security Checks
medium
135748Oracle Linux 8 : tigervnc (ELSA-2020-1497)NessusOracle Linux Local Security Checks
medium
133395SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0266-1)NessusSuSE Local Security Checks
medium
133201SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0159-1)NessusSuSE Local Security Checks
medium
133173openSUSE Security Update : tigervnc (openSUSE-2020-87)NessusSuSE Local Security Checks
medium
133035SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0113-1)NessusSuSE Local Security Checks
medium
133034SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0112-1)NessusSuSE Local Security Checks
medium