CVE-2009-0388

2009-02-0419:30:00

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.899

Percentile

98.8%

JSON

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.

Affected configurations

Nvd

Node

tightvnctightvncMatch1.3.9

ultravncultravncMatch1.0.2

ultravncultravncMatch1.0.5

VendorProductVersionCPE
tightvnctightvnc1.3.9cpe:2.3:a:tightvnc:tightvnc:1.3.9:*:*:*:*:*:*:*
ultravncultravnc1.0.2cpe:2.3:a:ultravnc:ultravnc:1.0.2:*:*:*:*:*:*:*
ultravncultravnc1.0.5cpe:2.3:a:ultravnc:ultravnc:1.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tightvnc	tightvnc	1.3.9	cpe:2.3:a:tightvnc:tightvnc:1.3.9:::::::*
ultravnc	ultravnc	1.0.2	cpe:2.3:a:ultravnc:ultravnc:1.0.2:::::::*
ultravnc	ultravnc	1.0.5	cpe:2.3:a:ultravnc:ultravnc:1.0.5:::::::*