First published: Tue Oct 29 2019(Updated: )
TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity.
Credit: vulnerability@kaspersky.com
Affected Software | Affected Version | How to fix |
---|---|---|
Tightvnc Tightvnc | =1.3.10 | |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-15679.
CVE-2019-15679 has a severity rating of critical (9.8).
The affected software is TightVNC version 1.3.10.
CVE-2019-15679 can be exploited through network connectivity.
Yes, you can find references for CVE-2019-15679 in the following links: - [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-478893.pdf) - [Debian LTS](https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html) - [US-CERT](https://us-cert.cisa.gov/ics/advisories/icsa-20-343-08)