CVE-2019-15680
Published: 29 October 2019
TightVNC code version 1.3.10 contains null pointer dereference in HandleZlibBPP function, which results Denial of System (DoS). This attack appear to be exploitable via network connectivity.
From the Ubuntu Security Team
Pavel Cheremushkin discovered that TightVNC has a null pointer dereference vulnerability. An attacker could use it to cause a Denial of Service or possible a remote code execution.
Notes
| Author | Note |
|---|---|
| mdeslaur | per upstream, this is a non-issue in libvncserver as checks are already done in zlib, see: https://github.com/LibVNC/libvncserver/issues/359#issuecomment-599133529 for completeness, the fix was added to focal and earlier releases, but will not be added to groovy+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
tightvnc Launchpad, Ubuntu, Debian |
trusty |
Released
(1.3.9-6.5+deb8u1build0.14.04.1~esm1)
Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| kinetic |
Ignored
(end of life, was needs-triage)
|
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
libvncserver Launchpad, Ubuntu, Debian |
impish |
Not vulnerable
(0.9.13+dfsg-1)
|
| hirsute |
Not vulnerable
(0.9.13+dfsg-1)
|
|
| jammy |
Not vulnerable
(0.9.13+dfsg-1)
|
|
| lunar |
Not vulnerable
(0.9.13+dfsg-1)
|
|
| bionic |
Released
(0.9.11+dfsg-1ubuntu1.2)
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Released
(0.9.11+dfsg-1.3ubuntu0.1)
|
|
| focal |
Released
(0.9.12+dfsg-9ubuntu0.1)
|
|
| groovy |
Not vulnerable
(0.9.13+dfsg-1)
|
|
| kinetic |
Not vulnerable
(0.9.13+dfsg-1)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Released
(0.9.10+dfsg-3ubuntu0.16.04.4)
|
|
| mantic |
Not vulnerable
(0.9.13+dfsg-1)
|
|
|
Patches: upstream: https://github.com/sunweaver/libvncserver/commit/85d00057b5daf71675462c9b175d8cb2d47cd0e1 |
||
|
ssvnc Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
veyon Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| bionic |
Does not exist
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| mantic |
Needs triage
|
|
|
vncsnapshot Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
|
x11vnc Launchpad, Ubuntu, Debian |
kinetic |
Ignored
(end of life, was needs-triage)
|
| xenial |
Needs triage
|
|
| jammy |
Needs triage
|
|
| lunar |
Needs triage
|
|
| bionic |
Needs triage
|
|
| disco |
Ignored
(end of life)
|
|
| eoan |
Ignored
(end of life)
|
|
| focal |
Needs triage
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Ignored
(end of life)
|
|
| impish |
Ignored
(end of life)
|
|
| trusty |
Needs triage
|
|
| upstream |
Needs triage
|
|
| mantic |
Needs triage
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |