CVE-2019-8287
Published: 29 October 2019
TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.
From the Ubuntu Security Team
It was discovered that TightVNC contains a global buffer overflow vulnerability. An attacker could use it to provoke a denial of service or even remote code execution.
Priority
Status
Package | Release | Status |
---|---|---|
tightvnc (Launchpad, Ubuntu, Debian) | hirsute | Ignored (end of life) |
| xenial | Needed |
| jammy | Needed |
| impish | Ignored (end of life) |
| kinetic | Ignored (end of life, was needed) |
| bionic | Needed |
| disco | Ignored (end of life) |
| eoan | Ignored (end of life) |
| focal | Needed |
| groovy | Ignored (end of life) |
| trusty | Released (1.3.9-6.5+deb8u1build0.14.04.1~esm1). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
| upstream | Needed |
| mantic | Needed |
| lunar | Ignored (end of life, was needed) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |