CVE-2026-39929
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-125
Lectura fuera de límites
Fecha de publicación:
28/05/2026
Última modificación:
01/06/2026
Descripción
*** Pendiente de traducción *** Lakeside SysTrack Agent versions prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, 11.5.0.15 contain an out-of-bounds read vulnerability in the Command ID 30 UDP packet handler that allows remote attackers to crash the application by sending a specially crafted UDP packet. Attackers can send a malformed packet with an invalid memory address at offset 0x4 in the payload to trigger an access violation and cause a denial of service.
Impacto
Puntuación base 4.0
8.70
Gravedad 4.0
ALTA
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://documentation.lakesidesoftware.com/docs/112128-hotfix-agent-release-notes
- https://documentation.lakesidesoftware.com/docs/1130xxx-hotfix-agent-release-notes
- https://documentation.lakesidesoftware.com/docs/1140xxx-hotfix-agent-release-notes
- https://documentation.lakesidesoftware.com/docs/1150xxx-hotfix-agent-release-notes
- https://www.vulncheck.com/advisories/lakeside-systrack-agent-lsiagent-exe-out-of-bounds-read-via-udp



