CVE-2021-42977: Integer Overflow
First published: Tue Dec 07 2021(Updated: )
NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NoMachine Enterprise Desktop | >4.0.346<7.7.4 | |
| >4.0.346<7.7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-42977.
What is the severity of CVE-2021-42977?
CVE-2021-42977 has a severity rating of 8.8 (high).
Which software is affected by CVE-2021-42977?
NoMachine Enterprise Desktop versions above 4.0.346 and below 7.7.4 are affected by CVE-2021-42977.
How can CVE-2021-42977 be exploited?
CVE-2021-42977 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted input.
Is there a fix available for CVE-2021-42977?
At the time of this writing, there is no known fix for CVE-2021-42977. It is recommended to update to a version of NoMachine Enterprise Desktop that is above 7.7.4 to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/nomachine
- canonical/nomachine enterprise desktop