CVE-2019-8961

HIGH

FlexNet Publisher 11.16.2 - Unauthenticated Denial of Service via Recursive Message Handling

Title source: llm

Description

A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://community.flexera.com/t5/FlexNet-Publisher-Knowledge-Base/CVE-2019-8961-remediated-in-FlexNet-Publisher/ta-p/124601/jump-to/first-unread-message

Scores

CVSS v3 7.5

EPSS 0.0176

EPSS Percentile 75.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-674

Status published

Products (1)

flexera/flexnet_publisher 11.16.2

Published Apr 21, 2020

Tracked Since Feb 18, 2026