Access of Memory Location After End of Buffer

CVE-2019-8266

High

9.8/10

Summary

UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-788 - Access of Memory Location After End of Buffer

The software reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.

References

Advisory Timeline

Published Mar 08, 2019

Access of Memory Location After End of Buffer

CVE-2019-8266

Summary

CWE-788 - Access of Memory Location After End of Buffer

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS