← Back

CVE-2018-20033

nvd nist
Published: Feb 25, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated.

Affected (2)

Flexera
1 product
Flexnet Publisher
Oracle
1 product
Communications Lsms
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Flexnet Publisher
Up to 11.16.1.0
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Communications Lsms
From 13.1 to 13.4

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (6)

Source: PSIRT-CNA@flexerasoftware.com
Broken Link
Source: PSIRT-CNA@flexerasoftware.com
Not ApplicableVendor Advisory
Source: PSIRT-CNA@flexerasoftware.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Not ApplicableVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.