CVE-2019-17424 - Out-of-bounds Write vulnerability in Nipper-Ng Project Nipper-Ng 0.11.10
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
id | EDB-ID:47673 |
last seen | 2019-11-18 |
modified | 2019-11-18 |
published | 2019-11-18 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/47673 |
title | nipper-ng 0.11.10 - Remote Buffer Overflow (PoC) |
Packetstorm
data source | https://packetstormsecurity.com/files/download/155378/nipperng01110-overflow.txt |
id | PACKETSTORM:155378 |
last seen | 2019-11-19 |
published | 2019-11-18 |
reporter | Guy Levin |
source | https://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Overflow.html |
title | nipper-ng 0.11.10 Remote Buffer Overflow |
References
- http://packetstormsecurity.com/files/155378/nipper-ng-0.11.10-Remote-Buffer-Overflow.html
- https://blog.vastart.dev/2019/10/stack-overflow-cve-2019-17424.html
- https://code.google.com/archive/p/nipper-ng/source/default/source
- https://github.com/guywhataguy/CVE-2019-17424
- https://twitter.com/va_start