CVE-2020-15117 - In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packe

CVE-2020-15117

Summary

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.

References

Vulnerable Configurations

cpe:2.3:a:symless:synergy:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:rc1:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:rc1:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:rc2:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.2:rc2:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.3:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.3:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.3:rc1:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.10.3:rc1:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.0:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.0:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.0:rc2:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.1:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.1:-:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.1:rc2:*:*:*:*:*:*
cpe:2.3:a:symless:synergy:1.11.1:rc2:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

CVSS

Base:	4.0 (as of 21-10-2022 - 18:02)
Impact:
Exploitability:

CWE

CWE-754

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:N/I:N/A:P

refmap via4

confirm	https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
fedora	FEDORA-2020-2ef60a0580 FEDORA-2020-cc19e88a1f
misc	https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39

Last major update

21-10-2022 - 18:02

Published

15-07-2020 - 18:15

Last modified

21-10-2022 - 18:02