Vulnerability Description
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nipper-Ng Project | Nipper-Ng | 0.11.10 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Over
- https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html (Exploit, Third Party Advisory)
- https://code.google.com/archive/p/nipper-ng/source/default/source (Third Party Advisory)
- https://github.com/guywhataguy/CVE-2019-17424 (Third Party Advisory)
- https://twitter.com/va_start (Third Party Advisory)
FAQ
What is CVE-2019-17424?
CVE-2019-17424 is a vulnerability with a CVSS score of 7.8 (HIGH). A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Exe...
How severe is CVE-2019-17424?
CVE-2019-17424 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17424?
Check the references section above for vendor advisories and patch information. Affected products include: Nipper-Ng Project Nipper-Ng.