CVE-2024-8534
12.11.2024, 19:15
Memory safety vulnerability leading to memory corruption and Denial of Servicein NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabledOR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver)OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabledEnginsight
| Vendor | Product | Version |
|---|---|---|
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 12.1-55.321 |
| citrix | netscaler_application_delivery_controller | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_application_delivery_controller | 13.1 ≤ 𝑥 < 13.1-37.207 |
| citrix | netscaler_application_delivery_controller | 14.1 ≤ 𝑥 < 14.1-29.72 |
| citrix | netscaler_gateway | 12.1 ≤ 𝑥 < 13.1-55.34 |
| citrix | netscaler_gateway | 14.1 ≤ 𝑥 < 14.1-29.72 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.