CVE-2022-23967

In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

02 Feb 2022, 23:06

Type	Values Removed	Values Added
CWE		CWE-787
References	~~(MISC) https://github.com/MaherAzzouzi/CVE-2022-23967 -~~	(MISC) https://github.com/MaherAzzouzi/CVE-2022-23967 - Third Party Advisory
References	~~(MISC) https://www.tightvnc.com/licensing-server-x11.php -~~	(MISC) https://www.tightvnc.com/licensing-server-x11.php - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
CPE		cpe:2.3:a:tightvnc:tightvnc:1.3.10:::::::*

26 Jan 2022, 21:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-01-26 21:15

Updated : 2024-02-04 22:08

NVD link : CVE-2022-23967

Mitre link : CVE-2022-23967

CVE.ORG link : CVE-2022-23967

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2022-23967

Attach tags to `CVE-2022-23967`