Off-by-one Error

CVE-2019-8272

High

9.8/10

Summary

UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-193 - Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

References

Advisory Timeline

Published Mar 08, 2019

Off-by-one Error

CVE-2019-8272

Summary

CWE-193 - Off-by-one Error

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS