ID

VAR-201907-1219


CVE

CVE-2019-1010232


TITLE

Juniper libslax Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-007174

DESCRIPTION

Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5, Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote DoS. The component is: slaxlexer.c:601 (function: slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0. Juniper libslax contains a buffer error vulnerability that may result in a denial-of-service (DoS) condition. libslax is an open source implementation of the SLAX language. The slaxlexer.c file in libslax has a buffer error vulnerability. This vulnerability stems from incorrect validation of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc.

Trust: 1.71

sources: NVD: CVE-2019-1010232 // JVNDB: JVNDB-2019-007174 // VULHUB: VHN-141509

AFFECTED PRODUCTS

vendor: juniper, model: libslax, scope: eq, version: 0.22.0

Trust: 1.0

vendor: juniper, model: libslax, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-007174 // NVD: CVE-2019-1010232

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1010232
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1010232
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-1171
value: MEDIUM

Trust: 0.6

VULHUB: VHN-141509
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-1010232
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-141509
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1010232
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-141509 // JVNDB: JVNDB-2019-007174 // CNNVD: CNNVD-201907-1171 // NVD: CVE-2019-1010232

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-141509 // JVNDB: JVNDB-2019-007174 // NVD: CVE-2019-1010232

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1171

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1171

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007174

PATCH

title: libslax, url: https://github.com/Juniper/libslax

Trust: 0.8

sources: JVNDB: JVNDB-2019-007174

EXTERNAL IDS

db: NVD, id: CVE-2019-1010232

Trust: 2.5

db: JVNDB, id: JVNDB-2019-007174

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1171

Trust: 0.7

db: VULHUB, id: VHN-141509

Trust: 0.1

sources: VULHUB: VHN-141509 // JVNDB: JVNDB-2019-007174 // CNNVD: CNNVD-201907-1171 // NVD: CVE-2019-1010232

REFERENCES

url:https://bugzilla.redhat.com/show_bug.cgi?id=1649175

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2019-1010232

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1010232

Trust: 0.8

sources: VULHUB: VHN-141509 // JVNDB: JVNDB-2019-007174 // CNNVD: CNNVD-201907-1171 // NVD: CVE-2019-1010232

SOURCES

db: VULHUB, id: VHN-141509
db: JVNDB, id: JVNDB-2019-007174
db: CNNVD, id: CNNVD-201907-1171
db: NVD, id: CVE-2019-1010232

LAST UPDATE DATE

2024-11-23T22:25:53.534000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-141509, date: 2019-08-01T00:00:00
db: JVNDB, id: JVNDB-2019-007174, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1171, date: 2019-08-02T00:00:00
db: NVD, id: CVE-2019-1010232, date: 2024-11-21T04:18:04.390

SOURCES RELEASE DATE

db: VULHUB, id: VHN-141509, date: 2019-07-22T00:00:00
db: JVNDB, id: JVNDB-2019-007174, date: 2019-08-05T00:00:00
db: CNNVD, id: CNNVD-201907-1171, date: 2019-07-22T00:00:00
db: NVD, id: CVE-2019-1010232, date: 2019-07-22T16:15:11.253