What is CVE-2019-10882?

CVE-2019-10882 is a vulnerability in the Netskope client service, versions 57 before 57.2.0.219 and v60 before 60.2.0.214, that allows local users to trigger a stack-based buffer overflow.

What is the severity of CVE-2019-10882?

CVE-2019-10882 has a severity score of 7.8 (high).

Which software versions are affected by CVE-2019-10882?

Netskope client service versions 57 before 57.2.0.219 and v60 before 60.2.0.214 are affected by CVE-2019-10882.

What is the CWE (Common Weakness Enumeration) ID for CVE-2019-10882?

The CWE IDs for CVE-2019-10882 are 119, 787, and 120.

Where can I find more information about CVE-2019-10882 and how to fix it?

You can find more information about CVE-2019-10882 and how to fix it in the references provided: [Link 1](https://airbus-seclab.github.io/advisories/netskope.html), [Link 2](https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf), [Link 3](https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client).

Vulnerability/
CVE-2019-10882

high

7.8

CWE

787 120 119

17/5/2019

4/8/2024

CVE-2019-10882: Netskope client buffer overflow vulnerability

First published: Fri May 17 2019(Updated: )

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Credit: cert@airbus.com

Affected Software	Affected Version	How to fix
Netskope	>=57<57.2.0.219
Netskope	>=60<60.2.0.214

Remedy

Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-10882?
CVE-2019-10882 is a vulnerability in the Netskope client service, versions 57 before 57.2.0.219 and v60 before 60.2.0.214, that allows local users to trigger a stack-based buffer overflow.
What is the severity of CVE-2019-10882?
CVE-2019-10882 has a severity score of 7.8 (high).
Which software versions are affected by CVE-2019-10882?
Netskope client service versions 57 before 57.2.0.219 and v60 before 60.2.0.214 are affected by CVE-2019-10882.
What is the CWE (Common Weakness Enumeration) ID for CVE-2019-10882?
The CWE IDs for CVE-2019-10882 are 119, 787, and 120.
Where can I find more information about CVE-2019-10882 and how to fix it?
You can find more information about CVE-2019-10882 and how to fix it in the references provided: [Link 1](https://airbus-seclab.github.io/advisories/netskope.html), [Link 2](https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf), [Link 3](https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client).

agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/severity
agent/author
agent/last-modified-date
agent/references
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/netskope
canonical/netskope
version/netskope/57
version/netskope/60

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.