PT-2020-14198 · Synergy+1 · Synergy+1

Published

2020-07-15

·

Updated

2024-04-08

·

CVE-2020-15117

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Synergy versions prior to 1.12.0
Description The issue allows a Synergy server to be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB. However, it was verified that this issue does not cause a crash through the exception handler if the available memory of the server is more than 4GB.
Recommendations For versions prior to 1.12.0, update to version 1.12.0 or later to resolve the issue. As a temporary workaround, consider ensuring the server has more than 4GB of available memory to prevent the crash through the exception handler.

Fix

Improper Check for Exceptional Conditions

Improper Handling of Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-755

Related Identifiers

ALT-PU-2020-4219
ALT-PU-2020-4220
CVE-2020-15117
GHSA-CHFM-333Q-GFPP
MGASA-2021-0040

Affected Products

Alt Linux
Synergy