ID CVE-2020-15117 Type cve Reporter cve@mitre.org Modified 2020-12-17T03:15:00
Description
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.
{"id": "CVE-2020-15117", "bulletinFamily": "NVD", "title": "CVE-2020-15117", "description": "In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.", "published": "2020-07-15T18:15:00", "modified": "2020-12-17T03:15:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15117", "reporter": "cve@mitre.org", "references": ["https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAQYCMBWNVCIEM27NPIKK3DGJCNBYLAK/", "https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39", "https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFDEQED64YLWQK2TF73EMXZDYX7YT2DD/"], "cvelist": ["CVE-2020-15117"], "type": "cve", "lastseen": "2021-02-02T07:37:00", "edition": 9, "viewCount": 229, "enchantments": {"dependencies": {"references": [{"type": "fedora", "idList": ["FEDORA:F27A1304E7C1", "FEDORA:682D2307F975"]}, {"type": "nessus", "idList": ["FEDORA_2020-CC19E88A1F.NASL", "FEDORA_2020-2EF60A0580.NASL"]}], "modified": "2021-02-02T07:37:00", "rev": 2}, "score": {"value": 3.5, "vector": "NONE", "modified": "2021-02-02T07:37:00", "rev": 2}, "twitter": {"counter": 2, "modified": "2020-12-16T17:49:18", "tweets": [{"link": "https://twitter.com/vigilance_fr/status/1339331740096229376", "text": "Vigil@nce /hashtag/Vuln\u00e9rabilit\u00e9?src=hashtag_click de Synergy : d\u00e9ni de service via KMsgHelloBack Client Name Length. https://t.co/MLuJf8oGdU?amp=1 R\u00e9f\u00e9rences : /hashtag/CVE?src=hashtag_click-2020-15117. /hashtag/CyberS\u00e9curit\u00e9?src=hashtag_click"}, {"link": "https://twitter.com/vigilance_en/status/1339331744533778433", "text": "Vigil@nce /hashtag/Vulnerability?src=hashtag_click of Synergy: denial of service via KMsgHelloBack Client Name Length. https://t.co/KlfeiVITGG?amp=1 Identifiers: /hashtag/CVE?src=hashtag_click-2020-15117. /hashtag/CyberSecurity?src=hashtag_click"}]}, "vulnersScore": 3.5}, "cpe": [], "affectedSoftware": [{"cpeName": "symless:synergy", "name": "symless synergy", "operator": "lt", "version": "1.12.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-755"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:symless:synergy:1.12.0:*:*:*:*:*:*:*", "versionEndExcluding": "1.12.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp", "refsource": "CONFIRM", "tags": ["Third Party Advisory"], "url": "https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp"}, {"name": "FEDORA-2020-cc19e88a1f", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VFDEQED64YLWQK2TF73EMXZDYX7YT2DD/"}, {"name": "FEDORA-2020-2ef60a0580", "refsource": "FEDORA", "tags": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAQYCMBWNVCIEM27NPIKK3DGJCNBYLAK/"}, {"name": "https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39"}]}
{"fedora": [{"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15117"], "description": "Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. ", "modified": "2020-12-16T01:43:45", "published": "2020-12-16T01:43:45", "id": "FEDORA:F27A1304E7C1", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: synergy-1.12.0-1.fc33", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15117"], "description": "Synergy lets you easily share your mouse and keyboard between multiple computers, where each computer has its own display. No special hardware is required, all you need is a local area network. Synergy is supported on Windows, Mac OS X and Linux. Redirecting the mouse and keyboard is as simple as moving the mouse off the edge of your screen. ", "modified": "2020-12-17T01:24:20", "published": "2020-12-17T01:24:20", "id": "FEDORA:682D2307F975", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: synergy-1.12.0-1.fc32", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2020-12-22T02:34:44", "description": "Upstream update to v1.12.0-stable Security fix for CVE-2020-15117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-17T00:00:00", "title": "Fedora 32 : 1:synergy (2020-2ef60a0580)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15117"], "modified": "2020-12-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:1:synergy"], "id": "FEDORA_2020-2EF60A0580.NASL", "href": "https://www.tenable.com/plugins/nessus/144347", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-2ef60a0580.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144347);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/21\");\n\n script_cve_id(\"CVE-2020-15117\");\n script_xref(name:\"FEDORA\", value:\"2020-2ef60a0580\");\n\n script_name(english:\"Fedora 32 : 1:synergy (2020-2ef60a0580)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Upstream update to v1.12.0-stable Security fix for CVE-2020-15117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-2ef60a0580\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:synergy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:synergy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 32\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC32\", reference:\"synergy-1.12.0-1.fc32\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:synergy\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-12-19T02:32:04", "description": "Upstream update to v1.12.0-stable Security fix for CVE-2020-15117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 2, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-12-16T00:00:00", "title": "Fedora 33 : 1:synergy (2020-cc19e88a1f)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-15117"], "modified": "2020-12-16T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:synergy", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-CC19E88A1F.NASL", "href": "https://www.tenable.com/plugins/nessus/144324", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-cc19e88a1f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144324);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/18\");\n\n script_cve_id(\"CVE-2020-15117\");\n script_xref(name:\"FEDORA\", value:\"2020-cc19e88a1f\");\n\n script_name(english:\"Fedora 33 : 1:synergy (2020-cc19e88a1f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Upstream update to v1.12.0-stable Security fix for CVE-2020-15117\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-cc19e88a1f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected 1:synergy package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:synergy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"synergy-1.12.0-1.fc33\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:synergy\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}]}
