libvncclient/cursor.c in LibVNCServer through 0.9.12 has a HandleCursorShape integer overflow and heap-based buffer overflow via a large height or width value. NOTE: this may overlap CVE-2019-15690.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html | Mailing List, Third Party Advisory |
https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf | Patch, Third Party Advisory |
https://github.com/LibVNC/libvncserver/commit/54220248886b5001fbbb9fa73c4e1a2cb9413fed | Patch, Third Party Advisory |
https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient | Exploit, Third Party Advisory |
https://usn.ubuntu.com/4407-1/ | Third Party Advisory |
History
10 Mar 2022, 14:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* | cpe:2.3:h:siemens:simatic_itc1500_pro:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1500:-:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200:-:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc1900_pro:-:*:*:*:*:*:*:* cpe:2.3:a:libvnc_project:libvncserver:*:*:*:*:*:*:*:* cpe:2.3:h:siemens:simatic_itc2200_pro:-:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1900_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc2200_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:siemens:simatic_itc1500_firmware:*:*:*:*:*:*:*:* |
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf - Patch, Third Party Advisory | |
First Time | Siemens simatic Itc2200, Siemens simatic Itc2200 Pro Firmware, Debian debian Linux, Siemens, Siemens simatic Itc1900 Pro, Debian, Siemens simatic Itc1500, Libvnc Project, Siemens simatic Itc1900, Siemens simatic Itc1900 Firmware, Siemens simatic Itc1900 Pro Firmware, Siemens simatic Itc1500 Pro Firmware, Siemens simatic Itc2200 Firmware, Siemens simatic Itc1500 Firmware, Siemens simatic Itc2200 Pro, Libvnc Project libvncserver, Siemens simatic Itc1500 Pro |
14 Dec 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
CWE | CWE-787 |
24 Feb 2021, 19:46
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4407-1/ - Third Party Advisory | |
References | (MISC) https://securitylab.github.com/advisories/GHSL-2020-064-libvnc-libvncclient - Exploit, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00027.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
22 Feb 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | |
Information
Published : 2020-04-23 19:15
Updated : 2023-12-10 13:27
NVD link : CVE-2019-20788
Mitre link : CVE-2019-20788
CVE.ORG link : CVE-2019-20788
Products Affected
siemens
- simatic_itc1500_pro_firmware
- simatic_itc2200_pro_firmware
- simatic_itc2200_firmware
- simatic_itc1900_pro
- simatic_itc1500
- simatic_itc1900_firmware
- simatic_itc1500_pro
- simatic_itc1500_firmware
- simatic_itc2200
- simatic_itc1900_pro_firmware
- simatic_itc1900
- simatic_itc2200_pro
canonical
- ubuntu_linux
libvnc_project
- libvncserver
debian
- debian_linux