Wednesday, February 2, 2022


In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution. (CVSS:7.5) (Last Update:2022-02-02)

No comments:

Post a Comment

SLED / FED Virtual Cybersecurity Summit - CISO MAG

SLED / FED Virtual Cybersecurity Summit  CISO MAG