A buffer overflow arises when the data in a buffer surpasses its storage capacity. This surplus data spills into nearby memory locations, causing corruption or overwriting of such data.
CVE-2023-32560 could allow a threat actor to send a specially designed message to the Wavelink Avalanche Manager, potentially causing service disruption or the execution of arbitrary code.
The vulnerability affects WLAvanacheServer.exe v22.214.171.124 and older and has been reported by Tenable researchers in April 2023. They also shared a PoC exploit with Ivanti, and have released additional technical information on August 14.