Suggestions search

All statuses

Filter by:

With package: deskflow

Found 2 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-41476

updated 2 days, 12 hours ago by @LeSuisse Activity log

Created suggestion 4 days, 17 hours ago
@LeSuisse accepted 2 days, 12 hours ago
@LeSuisse published on GitHub 2 days, 12 hours ago

Deskflow: clipboard deserialization global-buffer-overflow

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138.

References

https://github.com/deskflow/deskflow/security/advisories/GHSA-3jp5-g964-cgmh exploitx_refsource_CONFIRM

Affected products

deskflow

==< 1.26.0.138

Matching in nixpkgs

pkgs.deskflow

Share one mouse and keyboard between multiple computers on Windows, macOS and Linux

nixos-unstable 1.25.0
- nixpkgs-unstable 1.25.0
- nixos-unstable-small 1.25.0
nixos-25.11 1.24.0
- nixos-25.11-small 1.24.0
- nixpkgs-25.11-darwin 1.24.0

Package maintainers

@flacks Jean Lucas <jean@4ray.co>

Dismissed

Permalink CVE-2026-41477

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH