Integer Overflow Vulnerability in UltraVNC Repeater Impacting HTTP Request Handling
CVE-2026-7828
5.3 MEDIUM
What is CVE-2026-7828?
The UltraVNC repeater contains an integer overflow in its HTTP request logging mechanism. The win_log() function miscalculates the memory allocation size from the length of the HTTP request URI. When a URI exceeds the expected length, the resulting allocation is smaller than necessary, leading to a potential heap buffer overflow. Although the overflow is constrained by the HTTP receive buffer size, an attacker can exploit this vulnerability by sending a carefully crafted, oversized URI in an unauthenticated HTTP request, which may allow a partial write in the heap.
Affected Version(s)
UltraVNC 0 <= 1.8.2.2
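The size-calculation flaw described above, shown beside a checked form, as an added example that is not UltraVNC's win_log() code. The function names, the log prefix, the 1024-byte cap and the 16-bit size type are all assumptions chosen to make the wraparound visible; the page does not state the type or the arithmetic used.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LOG_PREFIX "HTTP request: "   /* hypothetical log prefix */
#define MAX_LOGGED_URI 1024u          /* hypothetical cap on logged URI bytes */

/* Flawed pattern: the sum is narrowed to a 16-bit type (assumed width), so a
 * long URI wraps the result and yields a size smaller than the data. */
uint16_t alloc_size_wrapping(size_t uri_len)
{
    return (uint16_t)(sizeof(LOG_PREFIX) + uri_len);
}

/* Checked pattern: compute in size_t and refuse sums that would wrap.
 * Returns 0 on success, -1 if the size cannot be represented. */
int alloc_size_checked(size_t uri_len, size_t *out)
{
    if (uri_len > SIZE_MAX - sizeof(LOG_PREFIX))
        return -1;
    *out = sizeof(LOG_PREFIX) + uri_len;
    return 0;
}

/* Hardened logging helper: truncates the URI to MAX_LOGGED_URI, sizes the
 * buffer with the checked helper, and copies exactly the bytes it sized for.
 * The caller frees the result; NULL is returned on failure. */
char *format_log_line(const char *uri, size_t uri_len)
{
    size_t need;
    char *line;
    if (uri_len > MAX_LOGGED_URI)
        uri_len = MAX_LOGGED_URI;
    if (alloc_size_checked(uri_len, &need) != 0)
        return NULL;
    line = malloc(need);
    if (line == NULL)
        return NULL;
    memcpy(line, LOG_PREFIX, sizeof(LOG_PREFIX) - 1);
    memcpy(line + sizeof(LOG_PREFIX) - 1, uri, uri_len);
    line[need - 1] = '\0';
    return line;
}

int main(void)
{
    /* Constructed length: 65530 bytes of URI wraps the 16-bit size. */
    printf("wrapped size: %u\n", (unsigned)alloc_size_wrapping(65530));
    return 0;
}
```

The copy length and the allocation size come from the same checked value, so the two cannot disagree even when the request URI is longer than the logger expects.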
