Netskope Client Memory Leak Vulnerability via Crafted DNS Packets
Vulnerability
A memory leak vulnerability has been identified in the Netskope Client (NS Client) for Windows, all versions prior to R129. This vulnerability allows a malicious actor to leak user-controllable memory by sending a crafted DNS packet to the affected machine. Exploitation may require administrative privileges, depending on the machine's configuration.
Impact
Exploitation of this vulnerability can lead to an out-of-bounds read, causing a memory leak of user-controllable data, specifically a domain name stored on the local machine.
Remediation
Netskope has released a security patch for this vulnerability in version R129 and above. Instructions for downloading the updated client are available on the Netskope Support website.
