CVE-2019-8960
First published: Tue Apr 21 2020(Updated: )
A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Flexera Flexnet Publisher | =11.16.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2019-8960?
CVE-2019-8960 is a Denial of Service vulnerability related to command handling in FlexNet Publisher lmadmin.exe version 11.16.2.
How severe is CVE-2019-8960?
CVE-2019-8960 has a severity rating of 7.5 (high).
What software version is affected by CVE-2019-8960?
FlexNet Publisher lmadmin.exe version 11.16.2 is affected by CVE-2019-8960.
How can I fix CVE-2019-8960?
To fix CVE-2019-8960, update FlexNet Publisher to a version that includes the remediation provided by Flexera.
Where can I find more information about CVE-2019-8960?
You can find more information about CVE-2019-8960 on the Flexera Community page.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/flexera
- canonical/flexera flexnet publisher
- version/flexera flexnet publisher/11.16.2