{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2019-15690", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "state": "PUBLISHED", "assignerShortName": "Kaspersky", "dateReserved": "2019-08-27T00:00:00.000Z", "datePublished": "2025-01-24T17:53:58.866Z", "dateUpdated": "2025-01-24T18:22:55.433Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2025-01-24T17:53:58.866Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "type": "CWE"}]}], "affected": [{"vendor": "LibVNC", "product": "LibVNCServer", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "0.9.12", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}], "solutions": [{"lang": "en", "value": "Update LibVNCServer to the commit with hash 54220248886b5001fbbb9fa73c4e1a2cb9413fed or newer."}], "timeline": [{"time": "2020-03-23T00:00:00.000Z", "lang": "en", "value": "Advisory published by Kaspersky"}], "credits": [{"lang": "en", "value": "Pavel Cheremushkin from Kaspersky", "type": "finder"}], "references": [{"url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/", "name": "KLCERT-20-009: Remote Code Execution on LibVNC version prior to 0.9.12", "tags": ["third-party-advisory"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-24T18:22:46.983882Z", "id": "CVE-2019-15690", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:22:55.433Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-15690", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-24T18:22:46.983882Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-24T18:22:51.425Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Pavel Cheremushkin from Kaspersky"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LibVNC", "product": "LibVNCServer", "versions": [{"status": "affected", "version": "*", "versionType": "custom", "lessThanOrEqual": "0.9.12"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2020-03-23T00:00:00.000Z", "value": "Advisory published by Kaspersky"}], "solutions": [{"lang": "en", "value": "Update LibVNCServer to the commit with hash 54220248886b5001fbbb9fa73c4e1a2cb9413fed or newer."}], "references": [{"url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/", "name": "KLCERT-20-009: Remote Code Execution on LibVNC version prior to 0.9.12", "tags": ["third-party-advisory"]}], "descriptions": [{"lang": "en", "value": "LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky", "dateUpdated": "2025-01-24T17:53:58.866Z"}}}, "cveMetadata": {"cveId": "CVE-2019-15690", "state": "PUBLISHED", "dateUpdated": "2025-01-24T18:22:55.433Z", "dateReserved": "2019-08-27T00:00:00.000Z", "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "datePublished": "2025-01-24T17:53:58.866Z", "assignerShortName": "Kaspersky"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution."}], "id": "CVE-2019-15690", "lastModified": "2025-01-24T18:15:27.657", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}, "published": "2025-01-24T18:15:27.657", "references": [{"source": "vulnerability@kaspersky.com", "url": "https://ics-cert.kaspersky.com/vulnerabilities/klcert-20-009-remote-code-execution-on-libvnc-version-prior-to-0-9-12/"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "vulnerability@kaspersky.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:0913", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libvncserver-0:0.9.9-14.el7_7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0920", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libvncserver-0:0.9.11-9.el8_1.2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-03-23T00:00:00Z"}, {"advisory": "RHSA-2020:0921", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "libvncserver-0:0.9.11-9.el8_0.2", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-03-23T00:00:00Z"}], "bugzilla": {"description": "libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow", "id": "1811948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1811948"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190->CWE-122", "details": ["LibVNCServer 0.9.12 release and earlier contains heap buffer overflow vulnerability within the HandleCursorShape() function in libvncclient/cursor.c. An attacker sends cursor shapes with specially crafted dimensions, which can result in remote code execution.", "A flaw was found in libvncserver. An integer overflow within the HandleCursorShape() function can be exploited to cause a heap-based buffer overflow by tricking a user or application using libvncserver to connect to an unstrusted server and subsequently send cursor shapes with specially crafted dimensions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "mitigation": {"lang": "en:us", "value": "Libvncserver should not be used to connect to untrusted server."}, "name": "CVE-2019-15690", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libvncserver", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-12-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-15690\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-15690"], "threat_severity": "Important"}