CVE-2019-8960

HIGH

FlexNet Publisher 11.16.2 - Denial of Service via Command Handling

Title source: llm

Description

A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8960-remediated-in-FlexNet-Publisher/ta-p/124598/jump-to/first-unread-message

Scores

CVSS v3 7.5

EPSS 0.0128

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-754

Status published

Products (1)

flexera/flexnet_publisher 11.16.2

Published Apr 21, 2020

Tracked Since Feb 18, 2026