Wednesday, February 2, 2022

CVE-2022-23967

In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution. (CVSS:7.5) (Last Update:2022-02-02)
http://dlvr.it/SJHm0t

No comments:

Post a Comment

Black swans events are shaping the cybersecurity present and future - VentureBeat

Black swans events are shaping the cybersecurity present and future  VentureBeat http://dlvr.it/ShfHB2