CVE-2019-12044 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler Application Delivery Controller Firmware

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 31.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix Netscaler Application Delivery Controller Firmware Citrix Netscaler Gateway Firmware Citrix ADM +7 more

Timeline

PublishedMay 22

Latest updateMay 24

Description

A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23 and Citrix Application Delivery Controller 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.1.49.23.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶NVDcitrix/netscaler_application_delivery_controller_firmware10.5.0 — 10.5.70+3

▶NVDcitrix/netscaler_gateway_firmware10.5.0 — 10.5.70+3

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/netscaler_adc_gateway

▶citrixcitrix/netscaler_adc

Patches

Patch: support.citrix.com ↗Patch: support.citrix.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g6q-2ghm-pr4w: A Buffer Overflow exists in Citrix NetScaler Gateway 10↗2022-05-24

▶

📋Vendor Advisories

Citrix

CVE-2019-12044: A Buffer Overflow exists in Citrix NetScaler Gateway 10.5.x before 10.5.70.x, 11.1.x before 11.1.59.10, 12.0.x before 12.0.59.8, and 12.1.x before 12.↗2019-05-22

▶

Citrix

Citrix Security Bulletin CTX249976↗

▶