What is the severity of CVE-2024-11616?

CVE-2024-11616 is classified as a high severity vulnerability due to its potential for exploitation through heap overflow.

How do I fix CVE-2024-11616?

To fix CVE-2024-11616, update your Netskope Endpoint DLP to a version later than R119, as recommended by the vendor.

What impact does CVE-2024-11616 have on my system?

CVE-2024-11616 could lead to arbitrary code execution due to the heap overflow vulnerability in the Content Control Driver.

What software is affected by CVE-2024-11616?

CVE-2024-11616 affects Netskope Endpoint DLP versions up to and including R119.

Is CVE-2024-11616 actively being exploited?

As of now, there are no reported active exploits for CVE-2024-11616, but it is advisable to address the vulnerability promptly.

Vulnerability/
CVE-2024-11616

medium

5.6

CWE

125

19/12/2024

20/12/2024

CVE-2024-11616: Double-fetch heap overflow

First published: Thu Dec 19 2024(Updated: )

Netskope was made aware of a security vulnerability in Netskope Endpoint DLP’s Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue. This issue affects Endpoint DLP version below R119.

Credit: psirt@netskope.com

Affected Software	Affected Version	How to fix
Netskope	<R119

Remedy

Netskope has patch the issue with R119 and onwards and have also backported to R117.1.6

Never miss a vulnerability like this again

Reference Links

https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-003

Frequently Asked Questions

What is the severity of CVE-2024-11616?
CVE-2024-11616 is classified as a high severity vulnerability due to its potential for exploitation through heap overflow.
How do I fix CVE-2024-11616?
To fix CVE-2024-11616, update your Netskope Endpoint DLP to a version later than R119, as recommended by the vendor.
What impact does CVE-2024-11616 have on my system?
CVE-2024-11616 could lead to arbitrary code execution due to the heap overflow vulnerability in the Content Control Driver.
What software is affected by CVE-2024-11616?
CVE-2024-11616 affects Netskope Endpoint DLP versions up to and including R119.
Is CVE-2024-11616 actively being exploited?
As of now, there are no reported active exploits for CVE-2024-11616, but it is advisable to address the vulnerability promptly.

agent/weakness
agent/remedy
agent/title
agent/references
agent/type
agent/description
agent/first-publish-date
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/netskope
canonical/netskope

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.