CVE-2019-15681
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
SSVC
- Decision: -
Timeline
- 2019-08-27 CVE Reserved
- 2019-10-29 CVE Published
- 2024-08-05 CVE Updated
- 2024-10-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-665: Improper Initialization
References (12)
URL | Tag | Source |
---|---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2019/10/msg00039.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/10/msg00042.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/11/msg00032.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2019/12/msg00028.html | Mailing List | |

URL | Date | SRC |
---|---|---|
https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a | 2022-04-05 | |
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html | 2022-04-05 | |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00073.html | 2022-04-05 | |
https://usn.ubuntu.com/4407-1 | 2022-04-05 | |
https://usn.ubuntu.com/4547-1 | 2022-04-05 | |
https://usn.ubuntu.com/4573-1 | 2022-04-05 | |
https://usn.ubuntu.com/4587-1 | 2022-04-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Siemens | Simatic Itc1500 Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc1500 | - | - | Safe |
Siemens | Simatic Itc1500 Pro Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc1500 Pro | - | - | Safe |
Siemens | Simatic Itc1900 Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc1900 | - | - | Safe |
Siemens | Simatic Itc1900 Pro Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc1900 Pro | - | - | Safe |
Siemens | Simatic Itc2200 Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc2200 | - | - | Safe |
Siemens | Simatic Itc2200 Pro Firmware | >= 3.0.0.0 < 3.2.1.0 | - | Affected | in | Siemens | Simatic Itc2200 Pro | - | - | Safe |
Libvnc Project | Libvncserver | < 0.9.12 | - | Affected | | | | | | |
Canonical | Ubuntu Linux | 14.04 | lts | Affected | | | | | | |
Canonical | Ubuntu Linux | 16.04 | esm | Affected | | | | | | |
Canonical | Ubuntu Linux | 16.04 | lts | Affected | | | | | | |
Canonical | Ubuntu Linux | 18.04 | lts | Affected | | | | | | |
Canonical | Ubuntu Linux | 18.10 | - | Affected | | | | | | |
Debian | Debian Linux | 8.0 | - | Affected | | | | | | |
Debian | Debian Linux | 9.0 | - | Affected | | | | | | |