Volerion logoVolerion
Volerion logoVolerion

Gladinet Triofox Server Agent Unchecked NULL Pointer Dereference Vulnerability Leading to Denial-of-Service

Vulnerability

A vulnerability exists in Gladinet Triofox Server Agent versions prior to 17.1.10488.57063, where function calls to WOSCommonUtil.dll can return a NULL pointer if no user is logged into the Triofox Server Agent Management Console. This NULL pointer is not properly checked before being dereferenced, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a crash by dereferencing a NULL pointer, which disrupts the normal operation of the application.

Reproduction

The vulnerability can be reproduced by sending a request to the Triofox Server Agent Access Service on TCP port 7878, with the 'PMCMethod: GetSyncFolderList' header. If no user is logged into the Triofox Server Agent Management Console, the request will cause a NULL pointer dereference, leading to a crash.

Remediation

Users are advised to upgrade to Gladinet Triofox Server Agent version 17.3.10565.57509 or later.

Added: May 28, 2026, 3:23 AM
Updated: May 28, 2026, 3:23 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
2.5
exploitability
8.3
remediation
0.0
relevance
9.4
threat
6.4
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.