CVE-2017-7219 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler Gateway Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources

Severity

8.8HIGHNVD

EPSS

1.6%

top 18.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Gateway Firmware Citrix ADM Citrix Hypervisor +6 more

Timeline

PublishedApr 13

Latest updateMay 17

Description

A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.13 allows a remote authenticated attacker to run arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶NVDcitrix/netscaler_gateway_firmware4 versions+3

▶citrixcitrix/netscaler_adc

▶citrixcitrix/xenserver

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-j85r-56xq-w6gx: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10↗2022-05-17

▶

📋Vendor Advisories

Citrix

CVE-2017-7219: A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 before 135.8/135.12, 10.5 before 65.11, 11.0 before 70.12, and 11.1 before 52.↗2017-04-13

▶

Citrix

Citrix Security Bulletin CTX222657↗

▶

📄Research Papers

arXiv

On the Effectiveness of Type-based Control Flow Integrity↗2020-02-14

▶