CVE-2019-3955

Summary

Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large RsaPubKeyLen, which could cause a denial of service.

Affected Software

VendorProductVersion RangeStatus
n/aSolarwinds Dameware Remote Mini ControllerAll versions prior to version 12.1.0.34affected

Weaknesses

  • Unauth Remote Heap Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References