CVE-2021-42973: Integer Overflow
First published: Tue Dec 07 2021(Updated: )
NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NoMachine Server | >4.0.346<7.7.4 | |
| >4.0.346<7.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-42973?
CVE-2021-42973 is a vulnerability in NoMachine Server that allows local attackers to execute arbitrary code or cause a denial of service.
How does CVE-2021-42973 affect NoMachine Server?
CVE-2021-42973 affects NoMachine Server versions above 4.0.346 and below 7.7.4.
What is the severity of CVE-2021-42973?
CVE-2021-42973 has a severity rating of 8.8 (high).
How can CVE-2021-42973 be exploited?
CVE-2021-42973 can be exploited by using specially crafted I/O Request Packets.
Is there a fix for CVE-2021-42973?
Yes, upgrading NoMachine Server to version 7.7.4 or above will fix CVE-2021-42973.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/nomachine
- canonical/nomachine server