PT-2018-2984 · Juniper Networks · Libslax

Shuitao Gan

Published

2018-11-13

Updated

2021-07-21

CVE-2019-1010232

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5)

Description The issue is related to a buffer overflow in the slaxGetInput function, located in the slaxlexer.c component. This can be exploited to cause a remote denial of service. The attack vector involves using the ./slaxproc command with the --slax-to-xslt option and a proof-of-concept file, such as POC0. The vulnerability allows a remote attacker to cause a denial of service.

Recommendations For juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5), consider disabling the slaxGetInput function in the slaxlexer.c component as a temporary workaround to minimize the risk of exploitation. Avoid using the ./slaxproc command with the --slax-to-xslt option until the issue is resolved.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2019-03130

CVE-2019-1010232

Affected Products

Libslax

PT-2018-2984 · Juniper Networks · Libslax

CVE-2019-1010232

Weakness Enumeration

Related Identifiers

Affected Products

References · 6