CVE-2006-6334 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix ADM

3 documents3 sources

Severity

6.8MEDIUMCNA

No vector

EPSS

20.5%

top 4.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix ADM Citrix Hypervisor Citrix Virtual Apps AND Desktops +4 more

Timeline

PublishedDec 8

Latest updateMay 1

Description

Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.

Affected Packages7 packages

▶citrixcitrix/xenserver

▶citrixcitrix/citrix_adm

▶citrixcitrix/netscaler_adc

▶citrixcitrix/citrix_hypervisor

▶citrixcitrix/netscaler_gateway

🔴Vulnerability Details

GHSA

GHSA-mrvm-74cr-9fh4: Heap-based buffer overflow in the SendChannelData function in wfica↗2022-05-01

▶

CVEList

CVE-2006-6334: Heap-based buffer overflow in the SendChannelData function in wfica↗2006-12-08

▶

📋Vendor Advisories

Citrix

Citrix Security Bulletin CTX111827↗

▶