Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Citrix NetScaler ADC and Gateway Memory Overflow Vulnerability Leading to Remote Code Execution and Denial-of-Service

Vulnerability

A memory overflow vulnerability has been identified in Citrix NetScaler ADC and NetScaler Gateway. This vulnerability can lead to remote code execution and/or denial-of-service.

Affected versions:
- NetScaler ADC and NetScaler Gateway 14.1 prior to 14.1-47.48
- NetScaler ADC and NetScaler Gateway 13.1 prior to 13.1-59.22
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP prior to 13.1-37.241-FIPS and NDcPP
- NetScaler ADC 12.1-FIPS and 12.1-NDcPP prior to 12.1-55.330-FIPS and NDcPP

The vulnerability is reachable only when the appliance is configured in one of the following ways:
- as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server;
- with LB virtual servers of type HTTP, SSL, or HTTP_QUIC bound to IPv6 services or to service groups containing IPv6 servers, or bound to DBS IPv6 services or service groups with IPv6 DBS servers;
- with CR virtual servers of type HDX.

Impact

Exploitation of this vulnerability leads to memory overflow, allowing for remote code execution or causing a denial-of-service condition.

Reproduction

Reproducing this vulnerability requires an unpatched build in one of the affected configurations: a NetScaler ADC or Gateway instance configured with a VPN virtual server, ICA Proxy, CVPN, RDP Proxy, or AAA virtual server; an LB virtual server of type HTTP, SSL, or HTTP_QUIC bound to IPv6 services or service groups containing IPv6 servers, or to DBS IPv6 services or groups with IPv6 DBS servers; or a CR virtual server of type HDX.

Remediation

Affected customers should upgrade to NetScaler ADC and NetScaler Gateway versions 14.1-47.48 or later, 13.1-59.22 or later, 13.1-37.241-FIPS and NDcPP or later, or 12.1-55.330-FIPS and NDcPP or later. NetScaler ADC and NetScaler Gateway versions 12.1 and 13.0 are now End Of Life and no longer supported.
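The fixed-build thresholds and exposure conditions above are what an inventory check has to encode, so here is an added example (not Citrix's tooling, and not part of the original advisory) that classifies a NetScaler build string against them and flags appliances that also carry one of the exposing configurations. The build-string format, the `features` labels and the sample inputs are assumptions constructed for the example.

```python
import re

# Fixed builds named in the advisory, keyed by (release branch, FIPS/NDcPP build?).
FIXED_BUILDS = {
    ("14.1", False): (47, 48),
    ("13.1", False): (59, 22),
    ("13.1", True): (37, 241),
    ("12.1", True): (55, 330),
}
# Branches the advisory lists as End Of Life: no fixed build will be issued.
END_OF_LIFE = {"12.1", "13.0"}

# Assumed build-string shape, e.g. "14.1-47.48" or "13.1-37.241-FIPS".
VERSION_RE = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)(?:-(FIPS|NDcPP))?$")

# Constructed labels for the exposing configurations listed in the advisory.
EXPOSING_FEATURES = {
    "gateway",      # VPN vserver, ICA Proxy, CVPN, RDP Proxy
    "aaa_vserver",  # AAA virtual server
    "lb_ipv6",      # HTTP/SSL/HTTP_QUIC LB vserver bound to IPv6 or DBS IPv6 backends
    "cr_hdx",       # CR vserver of type HDX
}


def parse_build(version: str):
    """Split '13.1-37.241-FIPS' into ('13.1', 37, 241, True); None if unparsable."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return None
    branch, major, minor, variant = m.groups()
    return branch, int(major), int(minor), variant is not None


def build_status(version: str) -> str:
    """Return 'fixed', 'vulnerable', 'end-of-life' or 'unknown' for one build string."""
    parsed = parse_build(version)
    if parsed is None:
        return "unknown"
    branch, major, minor, hardened = parsed
    fixed = FIXED_BUILDS.get((branch, hardened))
    if fixed is None:
        # 12.1 (non-FIPS) and 13.0 have no fixed build; anything else is outside the advisory.
        return "end-of-life" if branch in END_OF_LIFE else "unknown"
    return "fixed" if (major, minor) >= fixed else "vulnerable"


def needs_action(version: str, features: set) -> bool:
    """True when the build is unfixed AND at least one exposing feature is configured."""
    return build_status(version) in ("vulnerable", "end-of-life") and bool(features & EXPOSING_FEATURES)


if __name__ == "__main__":
    for v in ["14.1-43.50", "13.1-59.22", "13.1-37.240-NDcPP", "12.1-65.39", "13.0-92.21"]:
        print(v, build_status(v), needs_action(v, {"gateway"}))
```

An appliance that reports "end-of-life" needs a migration to a supported branch rather than a patch; "unknown" means the string did not match the assumed format and should be checked by hand.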

Added: Aug 26, 2025, 1:21 PM
Updated: Aug 26, 2025, 8:47 PM

Vulnerability Rating

Custom Algorithm

  spread          5.2
  impact          7.5
  exploitability  8.1
  remediation     7.7
  relevance       0.4
  threat          8.2
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.