CVE-2019-15695

MEDIUM

Description

TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values, exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html

https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89

https://github.com/TigerVNC/tigervnc/releases/tag/v1.10.1

https://www.openwall.com/lists/oss-security/2019/12/20/2

Details

Source: MITRE

Published: 2019-12-26

Updated: 2020-10-16

Type: CWE-787

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 7.2

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.2

Severity: HIGH

Tenable Plugins

View all (22 total)

IDNameProductFamilySeverity
147375NewStart CGSL CORE 5.04 / MAIN 5.04 : tigervnc Multiple Vulnerabilities (NS-SA-2021-0035)NessusNewStart CGSL Local Security Checks
medium
146755EulerOS 2.0 SP2 : tigervnc (EulerOS-SA-2021-1369)NessusHuawei Local Security Checks
medium
146169EulerOS 2.0 SP5 : tigervnc (EulerOS-SA-2021-1237)NessusHuawei Local Security Checks
medium
146003CentOS 8 : tigervnc (CESA-2020:1497)NessusCentOS Local Security Checks
medium
145143EulerOS 2.0 SP3 : tigervnc (EulerOS-SA-2021-1127)NessusHuawei Local Security Checks
medium
144989Amazon Linux AMI : tigervnc (ALAS-2021-1470)NessusAmazon Linux Local Security Checks
medium
144468Amazon Linux AMI : tigervnc (ALAS-2020-1470) (deprecated)NessusAmazon Linux Local Security Checks
medium
141997Amazon Linux 2 : tigervnc (ALAS-2020-1552)NessusAmazon Linux Local Security Checks
medium
141653Scientific Linux Security Update : tigervnc on SL7.x x86_64 (20201001)NessusScientific Linux Local Security Checks
medium
141600CentOS 7 : tigervnc (CESA-2020:3875)NessusCentOS Local Security Checks
medium
141215Oracle Linux 7 : tigervnc (ELSA-2020-3875)NessusOracle Linux Local Security Checks
medium
141028RHEL 7 : tigervnc (RHSA-2020:3875)NessusRed Hat Local Security Checks
medium
139988EulerOS 2.0 SP8 : tigervnc (EulerOS-SA-2020-1885)NessusHuawei Local Security Checks
medium
138772NewStart CGSL MAIN 6.01 : tigervnc Multiple Vulnerabilities (NS-SA-2020-0032)NessusNewStart CGSL Local Security Checks
medium
138296SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:1749-1)NessusSuSE Local Security Checks
medium
135876RHEL 8 : tigervnc (RHSA-2020:1497)NessusRed Hat Local Security Checks
medium
135748Oracle Linux 8 : tigervnc (ELSA-2020-1497)NessusOracle Linux Local Security Checks
medium
133395SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0266-1)NessusSuSE Local Security Checks
medium
133201SUSE SLES12 Security Update : tigervnc (SUSE-SU-2020:0159-1)NessusSuSE Local Security Checks
medium
133173openSUSE Security Update : tigervnc (openSUSE-2020-87)NessusSuSE Local Security Checks
medium
133035SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0113-1)NessusSuSE Local Security Checks
medium
133034SUSE SLED15 / SLES15 Security Update : tigervnc (SUSE-SU-2020:0112-1)NessusSuSE Local Security Checks
medium