Access of Memory Location After End of Buffer

CVE-2019-8265

High

9.8/10

Summary

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-788 - Access of Memory Location After End of Buffer

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

References

Advisory Timeline

Published Mar 08, 2019

Access of Memory Location After End of Buffer

CVE-2019-8265

Summary

CWE-788 - Access of Memory Location After End of Buffer

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS