subject:"\[PATCH\] ui\/vnc\-clipboard\: fix integer underflow in vnc_client_cut_text

Re: [PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

2022-10-11 Thread Gerd Hoffmann

On Sun, Sep 25, 2022 at 10:45:11PM +0200, Mauro Matteo Cascella wrote: > Extended ClientCutText messages start with a 4-byte header. If len < 4, > an integer underflow occurs in vnc_client_cut_text_ext. The result is > used to decompress data in a while loop in inflate_buffer, leading to > CPU

Re: [PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

2022-10-10 Thread Mauro Matteo Cascella

On Sun, Sep 25, 2022 at 10:45 PM Mauro Matteo Cascella wrote: > > Extended ClientCutText messages start with a 4-byte header. If len < 4, > an integer underflow occurs in vnc_client_cut_text_ext. The result is > used to decompress data in a while loop in inflate_buffer, leading to > CPU

[PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

2022-09-25 Thread Mauro Matteo Cascella

Extended ClientCutText messages start with a 4-byte header. If len < 4, an integer underflow occurs in vnc_client_cut_text_ext. The result is used to decompress data in a while loop in inflate_buffer, leading to CPU consumption and denial of service. Prevent this by checking dlen in

Re: [PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

Re: [PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

[PATCH] ui/vnc-clipboard: fix integer underflow in vnc_client_cut_text_ext

3 matches

Site Navigation

Mail list logo

Footer information