CVE-2019-8268

UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:uvnc:ultravnc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:siemens:sinumerik_access_mymachine\/p2p:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win10_software\/ipc:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinumerik_pcu_base_win7_software\/ipc:*:*:*:*:*:*:*:*

Information

Published : 2019-03-08 15:29

Updated : 2020-10-19 10:56


NVD link : CVE-2019-8268

Mitre link : CVE-2019-8268


JSON object : View

CWE
CWE-193

Off-by-one Error

Advertisement

dedicated server usa

Products Affected

siemens

  • sinumerik_pcu_base_win10_software\/ipc
  • sinumerik_access_mymachine\/p2p
  • sinumerik_pcu_base_win7_software\/ipc

uvnc

  • ultravnc