Vulnerable to CVE-2019-15680? #349
If I'm not mistaken, if libvncserver/libvncclient/zlib.c Line 114 in a9f95d8
Z_STREAM_ERROR, so there is no dereference there.
If
OK to close or am I missing something, @risicle?
Nope looks like you've got it about right ✔️
OK, closing then :-)
https://nvd.nist.gov/vuln/detail/CVE-2019-15680 is an issue against tightvnc, but as detailed in https://www.openwall.com/lists/oss-security/2018/12/10/5 (it's the last listed issue) it's related to your common ancestor. The other issues listed there you seem to have fixed, but has this one slipped under the radar?
Your version of zlib.c doesn't appear to perform any checking on the malloc result at libvncserver/libvncclient/zlib.c Line 58 in a9f95d8
Are there checks elsewhere before raw_buffer or decompStream.next_out is dereferenced that assert the allocation didn't fail?
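The question above concerns an unchecked allocation feeding a decompressor's output pointer. The following is an added example, not code from the issue thread or from the project: it shows one way to check the allocation explicitly, so safety does not depend on how the decompressor reacts to a NULL output pointer. The structs, `prepare_output` and the allocator hook are hypothetical names chosen for illustration; only `raw_buffer` and `next_out` echo names from the issue.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical decoder state; raw_buffer echoes the field named in the issue. */
struct decoder { char *raw_buffer; size_t raw_buffer_size; };

/* Hypothetical stand-in for the two output fields of a decompression stream. */
struct out_window { char *next_out; size_t avail_out; };

/* Allocator hook so the failure path can be exercised deterministically. */
typedef void *(*alloc_fn)(size_t);
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Point `out` at a buffer large enough for a w x h rectangle of bpp-byte
 * pixels. Returns 1 on success, 0 on failure; on failure `out` is left
 * empty (NULL, 0) and a failed allocation also empties the decoder state. */
static int prepare_output(struct decoder *d, size_t w, size_t h, size_t bpp,
                          alloc_fn alloc, struct out_window *out)
{
    out->next_out = NULL;
    out->avail_out = 0;
    /* Reject empty rectangles and sizes that would wrap size_t. */
    if (w == 0 || h == 0 || bpp == 0) return 0;
    if (w > SIZE_MAX / h || w * h > SIZE_MAX / bpp) return 0;
    size_t need = w * h * bpp;

    if (d->raw_buffer == NULL || d->raw_buffer_size < need) {
        /* Drop the old buffer and clear the size first, so a failed
         * allocation cannot leave a NULL pointer with a nonzero size. */
        free(d->raw_buffer);
        d->raw_buffer = NULL;
        d->raw_buffer_size = 0;
        char *p = alloc(need);
        if (p == NULL) return 0;   /* caller must abort this rectangle */
        d->raw_buffer = p;
        d->raw_buffer_size = need;
    }
    out->next_out = d->raw_buffer;
    out->avail_out = d->raw_buffer_size;
    return 1;
}

int main(void)
{
    struct decoder d = {0};
    struct out_window o;
    printf("4x4x4 with malloc:   %d\n", prepare_output(&d, 4, 4, 4, malloc, &o));
    printf("64x64x4, alloc fail: %d\n", prepare_output(&d, 64, 64, 4, failing_alloc, &o));
    printf("state after failure: %p/%zu\n", (void *)d.raw_buffer, d.raw_buffer_size);
    free(d.raw_buffer);
    return 0;
}
```

Clearing the size together with the pointer matters because a buffer reused across rectangles would otherwise skip reallocation on the next call and hand out a NULL pointer with a stale, nonzero length.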