CVE-2022-23967: Server for Unix/Linux/X11
In TightVNC 1.3.10, there is an integer signedness error and resultant heap-based buffer overflow in InitialiseRFBConnection in rfbproto.c (for the vncviewer component). There is no check on the size given to malloc, e.g., -1 is accepted. This allocates a chunk of size zero, which will give a heap pointer. However, one can send 0xffffffff bytes of data, which can have a DoS impact or lead to remote code execution.
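The arithmetic behind this bug next to a bounded alternative, as an added example that is not TightVNC's code. It assumes the allocation adds one byte to a 32-bit length (which is what would make -1 yield a zero-size request); `MAX_FIELD_LEN`, `be32`, `unchecked_alloc_size` and `read_field_checked` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed upper bound for a peer-supplied field; not a value from the page. */
#define MAX_FIELD_LEN 4096u

/* Decode a 32-bit big-endian length field as received from the peer. */
static uint32_t be32(const uint8_t b[4]) {
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
           ((uint32_t)b[2] << 8) | (uint32_t)b[3];
}

/* Unchecked pattern: malloc size is len + 1 in 32-bit arithmetic, so
 * len == 0xffffffff (-1 as signed) wraps to 0 while the read still uses len. */
static uint32_t unchecked_alloc_size(uint32_t len) {
    return len + 1u;
}

/* Hardened pattern: bound the length before allocating or copying.
 * payload/avail stand in for bytes already received from the peer.
 * Returns a NUL-terminated copy, or NULL if the length is rejected. */
static char *read_field_checked(const uint8_t hdr[4],
                                const uint8_t *payload, size_t avail) {
    uint32_t len = be32(hdr);
    if (len > MAX_FIELD_LEN)   /* rejects 0xffffffff and other huge values */
        return NULL;
    if (len > avail)           /* never copy more than was received */
        return NULL;
    char *buf = malloc((size_t)len + 1);  /* len <= 4096, cannot wrap */
    if (buf == NULL)
        return NULL;
    memcpy(buf, payload, len);
    buf[len] = '\0';
    return buf;
}

int main(void) {
    const uint8_t hostile[4] = {0xff, 0xff, 0xff, 0xff};  /* constructed */
    const uint8_t normal[4] = {0, 0, 0, 4};               /* constructed */
    char *s = read_field_checked(normal, (const uint8_t *)"desk", 4);
    printf("unchecked size: %u, hostile accepted: %d, normal: %s\n",
           (unsigned)unchecked_alloc_size(be32(hostile)),
           read_field_checked(hostile, (const uint8_t *)"x", 1) != NULL,
           s ? s : "(null)");
    free(s);
    return 0;
}
```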
Server for Unix/Linux/X11
The best features and performance of TightVNC Server are now readily available for implementation in your Linux applications. Controlling your remote desktop with any VNC-compatible client has never been so easy and convenient.
Our latest Server for Unix/Linux (X Window) is based on TightVNC version 2.0, is written in C++, and shares a common codebase with the Windows and macOS Servers. It supports most of the features available in the latest versions of TightVNC, such as file transfer, access lists, additional ports, and a built-in web server.
The Server supports JavaScript clients such as noVNC and implements the WebSocket protocol.
This product also supports HTTPS and WebSocket Secure, allowing channel encryption without any additional software.
The Server for Unix/Linux is fully compatible with the RFB protocol, so you can create your own protocol extensions for all your needs.
The Server can be controlled through the configuration file or through the web interface.
For commercial licensing, this product is available only under a source code license.
Our latest Server for Unix/Linux is not available under the free GNU GPL license and is not available for public download and review on our website.
Version 1.3 of this Server, available on our site for public download, is outdated and not supported by us.
For more details, please fill in the licensing request form below.