CVEs related to TLS and TCP connections

[nbolton]

💵 Bounty: $1000 (details)

Feature Request

Original CVE report: https://www.openwall.com/lists/oss-security/2021/11/02/4

There are a few CVEs that affect Deskflow, as well as one SonarCloud hotspot:

• CVE-2021-42072
• CVE-2021-42073
• CVE-2021-42074
• CVE-2021-42075
• CVE-2021-42076
• SonarCloud hotspot: cpp:S5527 (Enable server hostname verification on this SSL/TLS connection)
• https://github.com/deskflow/deskflow/security/code-scanning/554

The fixes downstream need to be ported upstream. Except for SonarCloud hotspot: cpp:S5527, which may be fixed by one of the CVE fixes, or may need to be fixed as well. There is also this GitHub detected issue, but that appears to be the same as the SonarCloud issue: https://github.com/deskflow/deskflow/security/code-scanning/554

Related:

• Pentest to verify TLS CVE fixes #8010
• SonarCloud hotspot: cpp:S5527
• debauchee@229abab

[nbolton]

@mgerstner It looks like you helped with a lot of these, so this may be of interest.

[mgerstner]

@mgerstner It looks like you helped with a lot of these, so this may be of interest.

Ah yes, that was in Barrier. Quite some time ago, I completely forgot about it. Thanks for the hint!

[sithlord48]

https://github.com/debauchee/barrier/pulls?q=is%3Apr+is%3Amerged+Cve

[nbolton]

/bounty $1000

[algora-pbc]

💎 $1,000 bounty • Deskflow

## 💎 $50 bounty • Deskflow

Steps to solve:

1. Start working: Comment /attempt #7806 with your implementation plan
2. Submit work: Create a pull request including /claim #7806 in the PR body to claim the bounty
3. Receive payment: 100% of the bounty is received 2-5 days post-reward. Make sure you are eligible for payouts

Thank you for contributing to deskflow/deskflow!

Add a bounty • Share on socials

Attempt	Started (GMT+0)	Solution
🟢 @varshith257	Dec 16, 2024, 4:59:52 PM	#7806
🟢 @zelosleone	Dec 17, 2024, 8:36:10 PM	WIP
🔴 @SAIKIRANSURAPALLI	Dec 31, 2024, 3:26:01 PM	WIP
🟢 @sithlord48		#7806