An off-by-one error in WLInfoRailService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.
Weakness
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Avalanche | Ivanti | 6.3.1 (including) | 6.3.1 (including) |
| Avalanche | Ivanti | 6.3.1.1507 (including) | 6.3.1.1507 (including) |
| Avalanche | Ivanti | 6.3.2 (including) | 6.3.2 (including) |
| Avalanche | Ivanti | 6.3.2.3490 (including) | 6.3.2.3490 (including) |
| Avalanche | Ivanti | 6.3.3 (including) | 6.3.3 (including) |
| Avalanche | Ivanti | 6.3.3.101 (including) | 6.3.3.101 (including) |
| Avalanche | Ivanti | 6.3.4 (including) | 6.3.4 (including) |
| Avalanche | Ivanti | 6.3.4.153 (including) | 6.3.4.153 (including) |
| Avalanche | Ivanti | 6.4.0 (including) | 6.4.0 (including) |
| Avalanche | Ivanti | 6.4.1 (including) | 6.4.1 (including) |
| Avalanche | Ivanti | 6.4.1.207 (including) | 6.4.1.207 (including) |
| Avalanche | Ivanti | 6.4.1.236 (including) | 6.4.1.236 (including) |
| Avalanche | Ivanti | 6.4.2 (including) | 6.4.2 (including) |