Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2022-23967
HistoryJan 26, 2022 - 12:00 a.m.

CVE-2022-23967

2022-01-2600:00:00
ubuntu.com
ubuntu.com
11
tightvnc
integer signedness error
heap-based buffer overflow
initialiserfbconnection
malloc
remote code execution
dos
cve-2022-23967
unix
JSON

In TightVNC 1.3.10, there is an integer signedness error and resultant
heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for
the vncviewer component). There is no check on the size given to malloc,
e.g., -1 is accepted. This allocates a chunk of size zero, which will give
a heap pointer. However, one can send 0xffffffff bytes of data, which can
have a DoS impact or lead to remote code execution.

Related

cvelist 1
debiancve 1
githubexploit 1
nvd 1
cve 1
cvelist
cvelist
CVE-2022-23967
1976-01-01 00:00:00
debiancve
debiancve
CVE-2022-23967
2022-01-26 21:15:00
githubexploit
githubexploit
Exploit for CVE-2022-23967
2022-01-26 18:49:43
nvd
nvd
CVE-2022-23967
2022-01-26 21:15:14
cve
cve
CVE-2022-23967
2022-01-26 21:15:14
JSON
Related for UB:CVE-2022-23967
cvelist1debiancve1githubexploit1nvd1cve1