CVE-2019-8277 Vulnerability Details

  /     /     /  

CVE-2019-8277 Metadata Quick Info

CVE Published: 09/03/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: Kaspersky | Vendor: Kaspersky Lab | Product: UltraVNC
Status : PUBLISHED

---

CVE-2019-8277 Description

UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-665
CWE Name: multiple memory leaks (CWE-665)
Source: Kaspersky Lab

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).