CVE-2024-21894
CRITICALDescription
A heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure allows an unauthenticated malicious user to send specially crafted requests in-order-to crash the service thereby causing a DoS attack. In certain conditions this may lead to execution of arbitrary code
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | connect_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
| ivanti | policy_secure |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-21894? +
How severe is CVE-2024-21894? +
What products are affected by CVE-2024-21894? +
How do I check if I'm vulnerable to CVE-2024-21894? +
Related Vulnerabilities
The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. …
editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have …
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from …
We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS …
An Out-of-bounds Write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation …