Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-466
Return of Pointer Value Outside of Expected Range
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
CVE-2018-25227 (GCVE-0-2018-25227)
Vulnerability from cvelistv5 – Published: 2026-03-30 11:02 – Updated: 2026-03-30 13:39
VLAI
EPSS
VEX
Title
Valentina Studio 9.0.4 Denial of Service via Host Parameter
Summary
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46421 | exploit |
| https://valentina-db.com/en/ | product |
| https://valentina-db.com/en/developer/database/do… | product |
| https://www.vulncheck.com/advisories/valentina-st… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Valentina-Db | Valentina Studio |
Affected:
9.0.4
|
Date Public
2018-02-19 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25227",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T13:39:18.481790Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T13:39:24.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Valentina Studio",
"vendor": "Valentina-Db",
"versions": [
{
"status": "affected",
"version": "9.0.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2018-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:02:20.479Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46421",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46421"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://valentina-db.com/en/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://valentina-db.com/en/developer/database/download-valentina-database-adk"
},
{
"name": "VulnCheck Advisory: Valentina Studio 9.0.4 Denial of Service via Host Parameter",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/valentina-studio-denial-of-service-via-host-parameter"
}
],
"title": "Valentina Studio 9.0.4 Denial of Service via Host Parameter",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25227",
"datePublished": "2026-03-30T11:02:20.479Z",
"dateReserved": "2026-03-30T10:53:51.466Z",
"dateUpdated": "2026-03-30T13:39:24.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25234 (GCVE-0-2018-25234)
Vulnerability from cvelistv5 – Published: 2026-03-30 11:02 – Updated: 2026-04-01 18:06
VLAI
EPSS
VEX
Title
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field
Summary
SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/45759 | exploit |
| https://www.smartftp.com/en-us/ | product |
| https://www.smartftp.com/en-us/download | product |
| https://www.vulncheck.com/advisories/smartftp-cli… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Smartftp | SmartFTP Client |
Affected:
9.0.2615.0
|
Date Public
2018-10-30 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-25234",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-01T18:06:24.903241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-01T18:06:41.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SmartFTP Client",
"vendor": "Smartftp",
"versions": [
{
"status": "affected",
"version": "9.0.2615.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2018-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the Host connection parameter to trigger an application crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T11:02:25.501Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-45759",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/45759"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.smartftp.com/en-us/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "https://www.smartftp.com/en-us/download"
},
{
"name": "VulnCheck Advisory: SmartFTP Client 9.0.2615.0 Denial of Service via Host Field",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/smartftp-client-denial-of-service-via-host-field"
}
],
"title": "SmartFTP Client 9.0.2615.0 Denial of Service via Host Field",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25234",
"datePublished": "2026-03-30T11:02:25.501Z",
"dateReserved": "2026-03-30T11:00:13.926Z",
"dateUpdated": "2026-04-01T18:06:41.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25548 (GCVE-0-2019-25548)
Vulnerability from cvelistv5 – Published: 2026-03-21 12:46 – Updated: 2026-03-23 15:41
VLAI
EPSS
VEX
Title
BlueStacks 4.80.0.1060 Denial of Service via Search Field
Summary
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46893 | exploit |
| https://www.bluestacks.com | product |
| https://www.vulncheck.com/advisories/bluestacks-d… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Bluestacks | BlueStacks |
Affected:
4.80.0.1060
|
Date Public
2019-05-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25548",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T15:41:40.662603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T15:41:46.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "BlueStacks",
"vendor": "Bluestacks",
"versions": [
{
"status": "affected",
"version": "4.80.0.1060"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.270.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.260.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.250.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.30:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.20:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.15:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.240.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.20:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.10:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.230.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.220.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.215.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.10:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.210.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.205.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.200.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.190.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.180.10:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alejandra S\u00e1nchez"
}
],
"datePublic": "2019-05-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 \u0027A\u0027 characters into the search field and trigger a search operation to cause the application to crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-21T12:46:51.527Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46893",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46893"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://www.bluestacks.com"
},
{
"name": "VulnCheck Advisory: BlueStacks 4.80.0.1060 Denial of Service via Search Field",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field"
}
],
"title": "BlueStacks 4.80.0.1060 Denial of Service via Search Field",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25548",
"datePublished": "2026-03-21T12:46:51.527Z",
"dateReserved": "2026-03-21T12:24:16.207Z",
"dateUpdated": "2026-03-23T15:41:46.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25586 (GCVE-0-2019-25586)
Vulnerability from cvelistv5 – Published: 2026-03-22 00:11 – Updated: 2026-03-23 16:31
VLAI
EPSS
VEX
Title
Deluge 1.3.15 Denial of Service via URL Field
Summary
Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the 'From URL' field during torrent addition to trigger an application crash.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46883 | exploit |
| https://dev.deluge-torrent.org/ | product |
| http://download.deluge-torrent.org/windows/deluge… | product |
| https://www.vulncheck.com/advisories/deluge-denia… | third-party-advisory |
Date Public
2019-05-21 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25586",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:31:42.508827Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:31:56.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Deluge",
"vendor": "Dev",
"versions": [
{
"status": "affected",
"version": "1.3.15"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:deluge-torrent:deluge:1.3.15:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-05-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Deluge 1.3.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the URL field. Attackers can paste a buffer of 5000 characters into the \u0027From URL\u0027 field during torrent addition to trigger an application crash."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T00:15:29.483Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46883",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46883"
},
{
"name": "Official Product Homepage",
"tags": [
"product"
],
"url": "https://dev.deluge-torrent.org/"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe"
},
{
"name": "VulnCheck Advisory: Deluge 1.3.15 Denial of Service via URL Field",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/deluge-denial-of-service-via-url-field"
}
],
"title": "Deluge 1.3.15 Denial of Service via URL Field",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25586",
"datePublished": "2026-03-22T00:11:08.129Z",
"dateReserved": "2026-03-21T16:46:03.499Z",
"dateUpdated": "2026-03-23T16:31:56.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25599 (GCVE-0-2019-25599)
Vulnerability from cvelistv5 – Published: 2026-03-22 13:38 – Updated: 2026-03-23 19:18
VLAI
EPSS
VEX
Title
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Summary
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
Severity
6.2 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/46750 | exploit |
| http://www.nsauditor.com/downloads/backeyrecovery… | product |
| https://www.vulncheck.com/advisories/backup-key-r… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nsauditor | Backup Key Recovery |
Affected:
2.2.4
|
Date Public
2019-04-24 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25599",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T19:17:40.107270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T19:18:35.676Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Backup Key Recovery",
"vendor": "Nsauditor",
"versions": [
{
"status": "affected",
"version": "2.2.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Victor Mondrag\u00f3n"
}
],
"datePublic": "2019-04-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-22T13:38:35.822Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-46750",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/46750"
},
{
"name": "Product Reference",
"tags": [
"product"
],
"url": "http://www.nsauditor.com/downloads/backeyrecovery_setup.exe"
},
{
"name": "VulnCheck Advisory: Backup Key Recovery 2.2.4 Denial of Service via Name Field",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/backup-key-recovery-denial-of-service-via-name-field"
}
],
"title": "Backup Key Recovery 2.2.4 Denial of Service via Name Field",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25599",
"datePublished": "2026-03-22T13:38:35.822Z",
"dateReserved": "2026-03-22T12:59:29.746Z",
"dateUpdated": "2026-03-23T19:18:35.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-21849 (GCVE-0-2024-21849)
Vulnerability from cvelistv5 – Published: 2024-02-14 16:30 – Updated: 2024-08-01 22:27
VLAI
EPSS
VEX
Title
BIG-IP Websockets vulnerability
Summary
When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://my.f5.com/manage/s/article/K000135873 | vendor-advisory |
Impacted products
Date Public
2024-02-14 15:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T19:23:40.078261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:56.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:36.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000135873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Advanced WAF",
"ASM"
],
"product": "BIG-IP",
"vendor": "F5",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "17.1.0",
"versionType": "custom"
},
{
"lessThan": "16.1.4",
"status": "affected",
"version": "16.1.0",
"versionType": "custom"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "15.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "F5"
}
],
"datePublic": "2024-02-14T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.\u0026nbsp;\u0026nbsp;\u003c/span\u003e\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"value": "\n\n\nWhen an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "CWE-466 Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T16:30:21.661Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://my.f5.com/manage/s/article/K000135873"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "BIG-IP Websockets vulnerability",
"x_generator": {
"engine": "F5 SIRTBot v1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2024-21849",
"datePublished": "2024-02-14T16:30:21.661Z",
"dateReserved": "2024-02-01T22:13:26.359Z",
"dateUpdated": "2024-08-01T22:27:36.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-33602 (GCVE-0-2024-33602)
Vulnerability from cvelistv5 – Published: 2024-05-06 19:22 – Updated: 2026-05-12 11:51
VLAI
EPSS
VEX
Title
nscd: netgroup cache assumes NSS callback uses in-buffer strings
Summary
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.15 , < 2.40
(custom)
|
|
| gnu | glibc |
Affected:
2.15 , < 2.40
(custom)
cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:* |
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gnu:glibc:2.15:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "gnu",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-33602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T16:09:29.755117Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T16:26:29.854Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:36:04.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:51:48.295Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"lessThan": "2.40",
"status": "affected",
"version": "2.15",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003enscd: netgroup cache assumes NSS callback uses in-buffer strings\u003cbr\u003e\u003cbr\u003eThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\u003cbr\u003ewhen the NSS callback does not store all strings in the provided buffer.\u003cbr\u003eThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\u003cbr\u003e\u003cbr\u003eThis vulnerability is only present in the nscd binary.\u003c/div\u003e"
}
],
"value": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon\u0027s (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129 Pointer Manipulation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "CWE-466 Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T18:06:04.473Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240524-0012/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/5"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "nscd: netgroup cache assumes NSS callback uses in-buffer strings",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2024-33602",
"datePublished": "2024-05-06T19:22:12.383Z",
"dateReserved": "2024-04-24T20:35:08.340Z",
"dateUpdated": "2026-05-12T11:51:48.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57025 (GCVE-0-2026-57025)
Vulnerability from cvelistv5 – Published: 2026-07-09 21:07 – Updated: 2026-07-09 21:07
VLAI
EPSS
VEX
Title
Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash
Summary
A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).
On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.
This issue affects EX Series, QFX Series, MX Series:
Junos OS:
* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S7,
* 24.2 versions before 24.2R2,
* 24.4 versions before 24.4R1-S2.
Junos OS Evolved:
* all versions before 23.2R2-S7-EVO,
* 23.4 versions before 23.4R2-S8-EVO,
* 24.2 versions before 24.2R2-EVO,
* 24.4 versions before 24.4R1-S3-EVO.
Severity
CWE
- CWE-466 - Return of Pointer Value Outside of Expected Range
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA110085 | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 23.2R2-S7
(custom)
Affected: 23.4 , < 23.4R2-S7 (custom) Affected: 24.2 , < 24.2R2 (custom) Affected: 24.4 , < 24.4R1-S2 (custom) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 23.2R2-S7-EVO
(custom)
Affected: 23.4 , < 23.4R2-S8-EVO (custom) Affected: 24.2 , < 24.2R2-EVO (custom) Affected: 24.4 , < 24.4R1-S3-EVO (custom) |
Date Public
2026-07-08 16:00
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX Series",
"QFX Series",
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.4R2-S7",
"status": "affected",
"version": "23.4",
"versionType": "custom"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "custom"
},
{
"lessThan": "24.4R1-S2",
"status": "affected",
"version": "24.4",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "23.4R2-S8-EVO",
"status": "affected",
"version": "23.4",
"versionType": "custom"
},
{
"lessThan": "24.2R2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "custom"
},
{
"lessThan": "24.4R1-S3-EVO",
"status": "affected",
"version": "24.4",
"versionType": "custom"
}
]
}
],
"datePublic": "2026-07-08T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eOn EX Series, QFX Series and MX Series a\u0026nbsp;low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\u003cbr\u003e\u003cp\u003e\u003cbr\u003eThis issue affects EX Series, QFX Series, MX Series:\u003cbr\u003eJunos OS:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S7,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved:\u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 23.2R2-S7-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S8-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).\n\nOn EX Series, QFX Series and MX Series a\u00a0low-privileged attacker issuing a specific \u0027show l2-learning\u0027 command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.\n\nThis issue affects EX Series, QFX Series, MX Series:\nJunos OS:\n\n\n * all versions before 23.2R2-S7,\n * 23.4 versions before 23.4R2-S7,\n * 24.2 versions before 24.2R2,\n * 24.4 versions before 24.4R1-S2.\n\n\n\nJunos OS Evolved:\n * all versions before 23.2R2-S7-EVO,\n * 23.4 versions before 23.4R2-S8-EVO,\n * 24.2 versions before 24.2R2-EVO,\n * 24.4 versions before 24.4R1-S3-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-466",
"description": "CWE-466 Return of Pointer Value Outside of Expected Range",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T21:07:20.486Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA110085"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\u003cbr\u003eJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 23.2R2-S7, 23.4R2-S7, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases;\nJunos OS Evolved: 23.2R2-S7-EVO, 23.4R2-S8-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA110085",
"defect": [
"1861779"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific \u0027show l2-learning\u0027 command causes l2ald crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e\u003cbr\u003eTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-57025",
"datePublished": "2026-07-09T21:07:20.486Z",
"dateReserved": "2026-06-23T16:27:00.248Z",
"dateUpdated": "2026-07-09T21:07:20.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.