Citrix NetScaler ADC/Gateway RDP-induced memory corruption DoS: CVE-2024-8534 November 2024

Citrix NetScaler ADC/Gateway RDP-induced memory corruption DoS
CVE-2024-8534 Published on November 12, 2024

Memory safety vulnerability leading to memory corruption and Denial of Service
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabled

Weakness Type

What is a Buffer Overflow Vulnerability?

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE-2024-8534 has been classified to as a Buffer Overflow vulnerability or weakness.

Products Associated with CVE-2024-8534

stack.watch emails you whenever new vulnerabilities are published in Citrix Netscaler Application Delivery Controller or Citrix Netscaler Gateway. Just hit a watch button to start following.

Affected Versions

Version 14.1 and below 29.72 is affected.

Version 13.1 and below 55.34 is affected.

Version 13.1-FIPS and below 37.207 is affected.

Version 12.1-FIPS and below 55.321 is affected.

Version 12.1-NDcPP and below 55.321 is affected.

Version 14.1 and below 29.72 is affected.

Version 13.1 and below 55.34 is affected.

Version 13.1-FIPS and below 37.207 is affected.

Version 12.1-FIPS and below 55.321 is affected.

Version 12.1-NDcPP and below 55.321 is affected.

Version 14.1 and below 14.1-29.72 is affected.

Version 13.1 and below 13.1-55.34 is affected.

Version 13.1 and below 13.1-37.207 is affected.

Version 12.1 and below 12.1-55.321 is affected.

Exploit Probability

EPSS

0.87%

Percentile

74.92%