Heap Overflow Vulnerability in Netskope Endpoint DLP's Content Control Driver
CVE-2024-11616
Key Information:
- Vendor
- Netskope Inc.
- Status
- Endpoint Dlp
- Vendor
- CVE Published:
- 19 December 2024
Badges
Summary
CVE-2024-11616 is a critical heap overflow vulnerability affecting Netskope Endpoint DLP’s Content Control Driver. The issue stems from a double-fetch condition within the EpdlpSetUsbAction function, where the NumberOfBytes and Length arguments are derived independently from user-supplied input. This allows an attacker with administrative privileges to exploit the vulnerability by manipulating the length value between two calls, resulting in memory being copied outside the allocated buffer. This condition can lead to serious security risks, including potential system instability and unauthorized access. Users are advised to upgrade to the latest version to mitigate these threats.
Affected Version(s)
Endpoint DLP Windows 118.0.0; 0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved