CVE-2019-8259

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:siemens:sinumerik_access_mymachine\/p2p:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\/ipc:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\/ipc:*:*:*:*:*:*:*:*

Information

Published : 2019-03-05 07:29

Updated : 2021-06-28 06:15


NVD link : CVE-2019-8259

Mitre link : CVE-2019-8259


JSON object : View

CWE
CWE-401

Missing Release of Memory after Effective Lifetime

Advertisement

dedicated server usa

Products Affected

siemens

  • sinumerik_pcu_base_win10_software\/ipc
  • sinumerik_access_mymachine\/p2p
  • sinumerik_pcu_base_win7_software\/ipc

uvnc

  • ultravnc