PT-2018-2984 · Juniper Networks · Libslax

Shuitao Gan

Publicado

2018-11-13

Atualizado

2021-07-21

CVE-2019-1010232

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5)

Description The issue is related to a buffer overflow in the slaxGetInput function, located in the slaxlexer.c component. This can be exploited to cause a remote denial of service. The attack vector involves using the ./slaxproc command with the --slax-to-xslt option and a proof-of-concept file, such as POC0. The vulnerability allows a remote attacker to cause a denial of service.

Recommendations For juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5), consider disabling the slaxGetInput function in the slaxlexer.c component as a temporary workaround to minimize the risk of exploitation. Avoid using the ./slaxproc command with the --slax-to-xslt option until the issue is resolved.

Exploit

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

BDU:2019-03130

CVE-2019-1010232

Produtos afetados

Libslax

PT-2018-2984 · Juniper Networks · Libslax

CVE-2019-1010232

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6