CVE-2021-42973

Name of the Vulnerable Software and Affected Versions NoMachine Server versions 4.0.347 through 7.7.3

Description The issue is related to an Integer Overflow in the NoMachine Server. Specifically, the IOCTL Handler 0x22001B is vulnerable, allowing local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packets.

Recommendations For versions 4.0.347 through 7.7.3, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.