all InfoSec news
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow
April 17, 2024, 12:48 p.m. | Jimi Sebree
Tenable Research Advisories www.tenable.com
A heap-based buffer overflow vulnerability exists in Ivanti Avalanche prior to 6.4.3.
A message sent to Avalanche's WLAvalancheService.exe on TCP port 1777 has the following structure:
// be = big-endian
strut msg
{
preamble pre;
hp hdrpay;
};
struct preamble
{
be32 MsgSize; // size of hp + 16
be32 HdrSize; // size of hp.hdr
be32 PayloadSize; // size of hp.payload
be32 unk:24;
be32 em:8; // encryption method
};
// header + payload …
avalanche big buffer buffer overflow buffer overflow vulnerability ivanti ivanti avalanche message msg overflow port size structure tcp unauthenticated vulnerability
More from www.tenable.com / Tenable Research Advisories
Cross-Site Scripting in WordPress RSS Aggregator Plugin
4 days, 16 hours ago |
www.tenable.com
Solidus Stored Cross-Site Scripting
4 days, 16 hours ago |
www.tenable.com
Delta Electronics DIAEnergie CEBC.exe Multiple Vulnerabilities
1 week, 5 days ago |
www.tenable.com
Approach.App Multiple Vulnerabilities
4 weeks, 1 day ago |
www.tenable.com
Path Traversal Affecting Multiple CData Products
1 month, 1 week ago |
www.tenable.com
LG LED Assistant v2.1.65 Multiple Vulnerabilities
1 month, 2 weeks ago |
www.tenable.com
Jobs in InfoSec / Cybersecurity
Information Security Engineers
@ D. E. Shaw Research | New York City
Technology Security Analyst
@ Halton Region | Oakville, Ontario, Canada
Senior Cyber Security Analyst
@ Valley Water | San Jose, CA
COMM Penetration Tester (PenTest-2), Chantilly, VA OS&CI Job #368
@ Allen Integrated Solutions | Chantilly, Virginia, United States
Consultant Sécurité SI H/F Gouvernance - Risques - Conformité
@ Hifield | Sèvres, France
Infrastructure Consultant
@ Telefonica Tech | Belfast, United Kingdom