PT-2019-12074 · Netskope · Netskope Client Service

Published: 2019-09-26 · Updated: 2021-09-14 · CVE-2019-10882

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netskope client service versions prior to 57.2.0.219
Netskope client service versions prior to 60.2.0.214

Description

The issue is related to a stack-based buffer overflow in the doHandshakefromServer function. This function is part of the connection handling mechanism in the Netskope client service, which runs with NT\SYSTEM privilege and accepts network connections from localhost. Local users can exploit this to cause a crash of the service, potentially leading to additional system impact.

Recommendations

For versions prior to 57.2.0.219, update to version 57.2.0.219 or later.
For versions prior to 60.2.0.214, update to version 60.2.0.214 or later.
As a temporary workaround, consider disabling the doHandshakefromServer function until a patch is available.

Fix

Memory Corruption

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2019-10882

Affected Products

Netskope Client Service