1. Home
  2. CVE Database
  3. CVE-2009-0388
HIGH · 10.0

CVE-2009-0388

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly exec...

Vulnerability Description

Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code via a large length value in a message, related to the (a) ClientConnection::CheckBufferSize and (b) ClientConnection::CheckFileZipBufferSize functions in ClientConnection.cpp.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
TightvncTightvnc1.3.9
UltravncUltravnc1.0.2

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2009-0388?

CVE-2009-0388 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly exec...

How severe is CVE-2009-0388?

CVE-2009-0388 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0388?

Check the references section above for vendor advisories and patch information. Affected products include: Tightvnc Tightvnc, Ultravnc Ultravnc.