PT-2025-34761 · Citrix · Netscaler Adc +1

Published 2025-08-26 · Updated 2025-08-27 · CVE-2025-7775

CVSS v3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

NetScaler ADC and NetScaler Gateway versions 13.1, 14.1, 13.1-FIPS and NDcPP

**Description:**

A memory overflow vulnerability exists in NetScaler ADC and NetScaler Gateway, potentially leading to Remote Code Execution (RCE) and/or Denial of Service (DoS). This vulnerability is actively exploited in the wild, with exploitation observed on unmitigated appliances. The vulnerability is present when NetScaler is configured in any of the following ways:

- as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server;
- with LB virtual servers of type HTTP, SSL or HTTP QUIC bound with IPv6 services or servicegroups bound with IPv6 servers;
- with LB virtual servers of type HTTP, SSL or HTTP QUIC bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers;
- with a CR virtual server of type HDX.
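The configuration conditions above can be checked against a saved NetScaler configuration. The following is an added example, not part of the original record or any vendor tooling: it assumes the standard `add`/`bind` command syntax of an `ns.conf` file with unquoted entity names, and the returned labels are hypothetical names chosen for this sketch. A match means a listed precondition is configured, not that the appliance is unpatched.

```python
import ipaddress

WEB_TYPES = {"HTTP", "SSL", "HTTP_QUIC"}  # LB vserver types named in the description

def _is_ipv6(value):
    try:
        return ipaddress.ip_address(value).version == 6
    except ValueError:
        return False

def exposed_conditions(ns_conf):
    """Return sorted labels for the description's preconditions found in ns_conf text."""
    found, v6_servers, web_lb, services, lb_binds, sg_binds = set(), set(), set(), {}, [], []
    for line in ns_conf.splitlines():
        t = line.split()
        if len(t) < 4:
            continue
        verb, kind, third = t[0].lower(), t[1].lower(), t[2].lower()
        if verb == "add" and kind == "server":
            # IPv6 literal, or a domain-based (DBS) server resolved through AAAA records
            aaaa = "-queryType" in t[:-1] and t[t.index("-queryType") + 1].upper() == "AAAA"
            if _is_ipv6(t[3]) or aaaa:
                v6_servers.add(t[2])
        elif verb == "add" and kind == "service":
            services[t[2]] = t[3]                      # service name -> server
        elif verb == "bind" and kind == "servicegroup":
            sg_binds.append((t[2], t[3]))              # (serviceGroup, member server)
        elif verb == "add" and kind in ("vpn", "authentication") and third == "vserver":
            found.add("gateway_or_aaa_vserver")
        elif verb == "add" and kind == "cr" and third == "vserver":
            if [w.upper() for w in t[4:5]] == ["HDX"]:
                found.add("cr_vserver_hdx")
        elif kind == "lb" and third == "vserver" and len(t) > 4:
            if verb == "add" and t[4].upper() in WEB_TYPES:
                web_lb.add(t[3])
            elif verb == "bind":
                lb_binds.append((t[3], t[4]))          # (LB vserver, service or group)
    is_v6 = lambda srv: srv in v6_servers or _is_ipv6(srv)
    v6_backends = {svc for svc, srv in services.items() if is_v6(srv)}
    v6_backends |= {sg for sg, srv in sg_binds if is_v6(srv)}
    if any(vs in web_lb and be in v6_backends for vs, be in lb_binds):
        found.add("lb_vserver_ipv6_backend")
    return sorted(found)

# Constructed sample (documentation address ranges), not taken from a real appliance.
SAMPLE = """add server srv_v6 2001:db8::10
bind serviceGroup sg_web srv_v6 80
add lb vserver lb_web SSL 192.0.2.50 443
bind lb vserver lb_web sg_web"""
print(exposed_conditions(SAMPLE))
```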

**Recommendations:**

Versions prior to the latest available updates are affected.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-7775

Affected Products

Netscaler Adc
Netscaler Gateway