In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15117
Reference (s):
- https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
- URL: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
- FEDORA:FEDORA-2020-2ef60a0580
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WAQYCMBWNVCIEM27NPIKK3DGJCNBYLAK/
- FEDORA:FEDORA-2020-cc19e88a1f