CVE-2026-44042
UltraVNC repeater wi_uudecode off-by-one in base64 decode boundary check
Description
UltraVNC repeater through 1.8.2.2 contains an off-by-one error in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, the wi_uudecode() function checks whether the input length exceeds the output buffer with a strict greater-than comparison (>), while the correct check should be greater-than-or-equal (>=). When strlen(authdata) equals sizeof(decode), the decoded output length (approximately 3/4 of input) does not overflow the buffer in current practice because the outer HTTP request bounds constrain the Authorization header. However, the defective check leaves a latent off-by-one condition that could become exploitable if the buffering constraints change. The current risk is limited to a one-byte write at the boundary of a 1024-byte stack buffer under constrained conditions.
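The boundary condition described above, shown as an added example that is not UltraVNC's code: a Base64 decode helper that bounds the write by the decoded length plus a terminator rather than by the raw input length. The names `b64_val` and `b64_decode_bounded` are hypothetical, and the sketch assumes the decoded credentials are NUL-terminated in the output buffer.

```c
#include <string.h>

/* Map one Base64 character to its 6-bit value, or -1 if it is not one. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hypothetical helper: decode padded Base64 into out (capacity cap bytes)
 * and NUL-terminate it. Returns the decoded length, or -1 if the input is
 * malformed or the decoded bytes plus the terminator do not fit. */
long b64_decode_bounded(const char *in, char *out, size_t cap)
{
    size_t n = strlen(in), pad, need, i, k, o = 0;
    if (n == 0 || n % 4 != 0) return -1;
    pad = (size_t)(in[n - 1] == '=') + (size_t)(in[n - 2] == '=');
    need = n / 4 * 3 - pad;
    /* The terminator needs a slot too, so need == cap is rejected. */
    if (need >= cap) return -1;
    for (i = 0; i < n; i += 4) {
        unsigned long v = 0;
        for (k = 0; k < 4; k++) {
            int d = b64_val((unsigned char)in[i + k]);
            if (d < 0) {
                /* '=' is accepted only in the trailing padding positions */
                if (in[i + k] != '=' || i + k < n - pad) return -1;
                d = 0;
            }
            v = (v << 6) | (unsigned long)d;
        }
        if (o < need) out[o++] = (char)((v >> 16) & 0xFF);
        if (o < need) out[o++] = (char)((v >> 8) & 0xFF);
        if (o < need) out[o++] = (char)(v & 0xFF);
    }
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    char decode[10]; /* constructed sample: "user:pass" is 9 bytes + NUL */
    return b64_decode_bounded("dXNlcjpwYXNz", decode, sizeof decode) == 9 ? 0 : 1;
}
```

With a 9-byte buffer the same input is refused, because the 9 decoded bytes leave no slot for the terminator; a `>` comparison at that point would let the terminator land one byte past the buffer.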
INFO
Published Date: July 1, 2026, 3:33 a.m.
Last Modified: July 1, 2026, 3:33 a.m.
Remotely Exploitable: Yes
Source: securin
CVSS Scores
| Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|---|
| | CVSS 3.1 | LOW | | | | 33c584b5-0579-4c06-b2a0-8d8329fcab9c |
Solution
- Update UltraVNC repeater to the latest version.
- Review HTTP Authorization header constraints.
- Monitor for future security advisories.