CVE-2024-23531: Integer Overflow
First published: Fri Apr 19 2024(Updated: )
An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti Avalanche | <6.4.3 | |
| Ivanti Avalanche | <6.4.3.528 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-23531?
CVE-2024-23531 has a high severity due to the potential for denial of service attacks.
How do I fix CVE-2024-23531?
To mitigate CVE-2024-23531, update Ivanti Avalanche to version 6.4.3 or later.
What component is affected by CVE-2024-23531?
CVE-2024-23531 affects the WLInfoRailService component of Ivanti Avalanche.
Can CVE-2024-23531 be exploited by an authenticated user?
No, CVE-2024-23531 can be exploited by an unauthenticated remote attacker.
What kind of impact can CVE-2024-23531 have?
CVE-2024-23531 can lead to denial of service attacks and potentially reading content from memory in rare conditions.
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- vendor/ivanti
- canonical/ivanti avalanche