{"id":"CVE-2019-15683","details":"TurboVNC server code contains stack buffer overflow vulnerability in commit prior to cea98166008301e614e0d36776bf9435a536136e. This could possibly result into remote code execution, since stack frame is not protected with stack canary. This attack appear to be exploitable via network connectivity. To exploit this vulnerability authorization on server is required. These issues have been fixed in commit cea98166008301e614e0d36776bf9435a536136e.","modified":"2026-04-11T09:39:41.311612Z","published":"2019-10-29T19:15:18.203Z","references":[{"type":"FIX","url":"https://github.com/TurboVNC/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/turbovnc/turbovnc","events":[{"introduced":"0"},{"fixed":"f88a93f3c7f3d6ec021cc72ca555a38abc7ece27"},{"fixed":"cea98166008301e614e0d36776bf9435a536136e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.2.3"}]}}],"versions":["0.1","0.1.1","0.2","0.3","0.3.1","0.3.2","0.3.3","0.4","0.4rc","0.5","0.5.1","0.6","1.2beta1","1.2rc","2.0","2.0beta1","2.1beta1","2.1beta2","2.2","2.2.1","2.2.2","2.2beta1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15683.json","vanir_signatures_modified":"2026-04-11T09:39:41Z","vanir_signatures":[{"deprecated":false,"target":{"file":"unix/Xvnc/programs/Xserver/hw/vnc/rfb.h"},"id":"CVE-2019-15683-161c9cca","signature_type":"Line","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["321098399789155278590542701630116660094","110376766337521774669760174289764065218","29943525514521416460134996161376102012"]}},{"deprecated":false,"target":{"function":"rfbssl_init","file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"},"id":"CVE-2019-15683-1bb462da","signature_type":"Function","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"function_hash":"124093702064637247985997974000778284450","length":3385}},{"deprecated":false,"target":{"function":"rfbProcessClientNormalMessage","file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbserver.c"},"id":"CVE-2019-15683-24c58f43","signature_type":"Function","source":"https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e","signature_version":"v1","digest":{"function_hash":"99271857532757596267321357888603221195","length":25979}},{"deprecated":false,"target":{"file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"},"id":"CVE-2019-15683-3d1b3840","signature_type":"Line","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["265003661163566263714160541889058204290","110152760130718846248264947725553557992","60859869488290060558906065003251781066","197695474684020073892606425542045749961","9983997437350112634538986533950200626","311411184151679867922956381856018821792","224985538926594046807048576218174592759","175326573742934444244436112266509750132","222310768965214786215076141894050306431","224995232092616580444066769940736230983","97797248543421430235510950784605645362","5672524493887160368240013235369971190","309947611467982562949985479753100556156","25643106407747932759913736179541476966","216120263004806286321996912641384625082","216888251750555450420868774345021040680","272712874815553467796043632950455201614","78724870261082409069240692608029645165","304911798645826102052970361021991392746","221691736213728418693491988391374516301","137499025179910016279737263342698334665","317540050298496451322109536503427972895","80489021243432864928812582683232641973","287493132380746325791222900822286756831","2510659204489365338308118388180534504","276294010459022548303265022494152534473","331789644456914959790960336592507804527","320497737263782583098103033214164342974","308536509360040966016316144118200160348"]}},{"deprecated":false,"target":{"file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_gnutls.c"},"id":"CVE-2019-15683-4c3d8eab","signature_type":"Line","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["144847464092728159876852341558122396266","275910173042093505059805613431457897072","325022088478188838774782686500669106764","295066054747351720914231462704907938967","81492627191711681821020788719831016087","267545424032642261688812938415232287375","335155389294888900475291758558234590402"]}},{"deprecated":false,"target":{"function":"loadFunctions","file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_openssl.c"},"id":"CVE-2019-15683-4dd17d53","signature_type":"Function","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"function_hash":"53100650456952740756550190752900025657","length":2925}},{"deprecated":false,"target":{"function":"rfbOptPamAuth","file":"unix/Xvnc/programs/Xserver/hw/vnc/auth.c"},"id":"CVE-2019-15683-519a4567","signature_type":"Function","source":"https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e","signature_version":"v1","digest":{"function_hash":"252046010153634044181616880237114927099","length":274}},{"deprecated":false,"target":{"file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbserver.c"},"id":"CVE-2019-15683-682fe39b","signature_type":"Line","source":"https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["84989811668681235090654368324166371359","225340399570493989462751207585890862200","149772819929820407629987575473578201407","132530169444806169117064799156249083832","163740370135212854819989345150057617624","38316136736773991526668306957313468086","245053446811325642935502166683140978081","55468130680685345889772970651641312907","98076062974239266064179367437695347517"]}},{"deprecated":false,"target":{"function":"rfbssl_init","file":"unix/Xvnc/programs/Xserver/hw/vnc/rfbssl_gnutls.c"},"id":"CVE-2019-15683-b5526649","signature_type":"Function","source":"https://github.com/turbovnc/turbovnc/commit/f88a93f3c7f3d6ec021cc72ca555a38abc7ece27","signature_version":"v1","digest":{"function_hash":"37949381899973980918537888347021734218","length":3284}},{"deprecated":false,"target":{"file":"unix/Xvnc/programs/Xserver/hw/vnc/auth.c"},"id":"CVE-2019-15683-d30e5de5","signature_type":"Line","source":"https://github.com/turbovnc/turbovnc/commit/cea98166008301e614e0d36776bf9435a536136e","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["56383548371990220998746184757576774335","5540945459748890729259231525063793789","235335385123716383698294936850212306597","51799300084955834327334211278794448441"]}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}