CVE-2019-8960 — Improper Check for Unusual or Exceptional Conditions in Flexnet Publisher

CWE-754 — Improper Check for Unusual or Exceptional Conditions3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flexera Flexnet Publisher

Timeline

PublishedApr 21

Latest updateMay 24

Description

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDflexera/flexnet_publisher11.16.2

🔴Vulnerability Details

GHSA

GHSA-j42p-4m2g-2gc3: A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin↗2022-05-24

▶

CVEList

CVE-2019-8960: A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin↗2020-04-21

▶