CVE-2019-15681
PUBLISHED
LibVNC commits before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contain a memory leak (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in commit d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a.
Risk Scores
EPSS Score: 9.37% (92.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:22.04:LTS | krfb | *, 0, 4:21.08.1-0ubuntu1 |
| Ubuntu:20.04:LTS | tightvnc | 0, 1.3.10-0ubuntu5 |
| Ubuntu:18.04:LTS | tightvnc | 1.3.10-0ubuntu4, 1.3.10-0ubuntu3, 0 |
| Ubuntu:25.10 | tightvnc | 0, *, * |
| Ubuntu:20.04:LTS | vino | 0, 3.22.0-5ubuntu2 |
| Ubuntu:25.10 | veyon | 0, 4.7.5+repack1-1ubuntu7, 4.7.5+repack1-1ubuntu6 |
| Ubuntu:22.04:LTS | veyon | 4.5.3+repack1-1build1, 0, 4.5.3+repack1-1build2 |
| Ubuntu:18.04:LTS | vino | 0, 3.22.0-2ubuntu1, 3.8.1-0ubuntu12 |
| Ubuntu:16.04:LTS | italc | 0, 1:2.0.2+dfsg1-4, 1:2.0.2+dfsg1-3 |
| Ubuntu:14.04:LTS | x11vnc | 0, 0.9.13-1.1 |
| Ubuntu:16.04:LTS | tightvnc | 1.3.10-0ubuntu2, 0, 1.3.10-0ubuntu3 |
| Ubuntu:24.04:LTS | krfb | *, 0, 4:23.08.4-0ubuntu1 |
| Ubuntu:18.04:LTS | italc | 1:3.0.3+dfsg1-2build1, *, 0 |
| Ubuntu:24.04:LTS | veyon | 0, 4.7.5+repack1-1build2, 4.7.5+repack1-1ubuntu1 |
| Ubuntu:24.04:LTS | tightvnc | *, 1:1.3.10-7, 1:1.3.10-7build2 |
| Ubuntu:20.04:LTS | veyon | 0, 4.2.4+repack1-2, 4.2.5+repack1-1 |
| Ubuntu:22.04:LTS | tightvnc | 1:1.3.10-5, 0, 1:1.3.10-3 |
| Ubuntu:16.04:LTS | krfb | 4:15.08.2-0ubuntu1, 0, 4:15.12.3-0ubuntu1 |
| Ubuntu:16.04:LTS | libvncserver | 0.9.10+dfsg-3ubuntu0.16.04.1, *, 0 |
| Ubuntu:20.04:LTS | krfb | *, 0, 4:19.08.3-0ubuntu1 |
…and 5 more
Exploit Intelligence
- cve_version_check.go (github-poc), listed 6 times
- nuclei_routing.go (github-poc), listed 4 times
…and 2 more exploits
Timeline
- Oct 29, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
- Jul 14, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-15681 third-party-advisory
- https://ubuntu.com/security/notices/USN-4407-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4547-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4573-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4587-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-15681 third-party-advisory