CVE-2024-8534 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Gateway

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write CWE-440 — Expected Behavior Violation3 documents3 sources

Severity

8.4HIGHNVD

EPSS

1.2%

top 21.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netscaler Gateway Netsclaer Netscaler ADC Citrix Netscaler Application Delivery Controller +5 more

Timeline

PublishedNov 12

Latest updateNov 14

Description

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:L

Affected Packages9 packages

▶NVDcitrix/netscaler_gateway12.1 — 13.1-55.34+1

▶CVEListV5netscaler/netscaler_gateway14.1 — 29.72+4

▶citrixcitrix/netscaler_gateway

▶citrixcitrix/citrix_gateway

▶citrixcitrix/xenserver

🔴Vulnerability Details

GHSA

GHSA-33mv-fjxj-2mx6: Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a G↗2024-11-12

▶

📋Vendor Advisories

Citrix

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535↗2024-11-14

▶