CVE-2021-42977

Name of the Vulnerable Software and Affected Versions NoMachine Enterprise Desktop versions 4.0.346 through 7.7.4

Description The issue allows local attackers to execute arbitrary code in kernel mode or cause a denial of service, resulting in memory corruption and OS crash, via specially crafted I/O Request Packet. This is due to an Integer Overflow in the IOCTL Handler 0x22001B.

Recommendations For versions 4.0.346 through 7.7.4, update to version 7.7.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the IOCTL Handler 0x22001B to minimize the risk of exploitation.