Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionGitHub Advisory
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds read by sending a malformed clipboard update. The issue is in the implementation of src/lib/deskflow/IClipboard.cpp. This is reachable because ClipboardChunk::assemble() in src/lib/deskflow/ClipboardChunk.cpp validates only the outer clipboard transfer size. It does not validate the internal structure of the serialized clipboard blob, so malformed inner lengths reach IClipboard::unmarshall() unchanged. This vulnerability is fixed in 1.26.0.138.
AnalysisAI
Out-of-bounds memory read in Deskflow's clipboard deserialization allows authenticated remote peers to crash the application or potentially leak memory contents. The vulnerability affects versions prior to 1.26.0.138 and stems from insufficient validation of clipboard data structure during network transfer between connected machines. A malicious peer on the shared keyboard/mouse network can exploit this by sending specially crafted clipboard updates. CVSS 7.4 reflects network-based attack with low complexity requiring authenticated peer connection. No public exploit identified at time of analysis, though proof-of-concept code exists (CVSS E:P).
Technical ContextAI
Deskflow is a keyboard, mouse, and clipboard sharing application that allows multiple computers to be controlled from a single keyboard/mouse. The vulnerability resides in the clipboard synchronization protocol implementation within src/lib/deskflow/IClipboard.cpp. When clipboard data is transmitted between peers, ClipboardChunk::assemble() validates only the outer transfer envelope size but fails to verify the internal structure of the serialized clipboard blob. This allows malformed length fields in the inner data structure to bypass validation checks and reach IClipboard::unmarshall() unchanged, triggering an out-of-bounds read (CWE-120: Buffer Copy without Checking Size of Input). This is a classic deserialization vulnerability where untrusted network data is processed without adequate boundary validation, similar to issues seen in other peer-to-peer synchronization protocols.
RemediationAI
Upgrade to Deskflow version 1.26.0.138 or later, which contains the fix for improper clipboard deserialization validation. The patched version adds proper bounds checking to IClipboard::unmarshall() to validate internal structure fields before processing. Download the updated release from the official Deskflow repository or distribution channel. If immediate patching is not feasible, disable clipboard sharing functionality in Deskflow configuration settings to eliminate the attack surface, though this removes a core feature. Alternatively, restrict Deskflow peer connections to only verified, fully trusted machines on isolated network segments, and monitor for abnormal clipboard transfer activity or application crashes. Organizations should review the vendor advisory at https://github.com/deskflow/deskflow/security/advisories/GHSA-3jp5-g964-cgmh for additional implementation details.
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
SUSE
Severity: HighShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25622