Preface: A heap-based buffer overflow vulnerability occurs when a program writes more data to a heap-allocated memory buffer than the buffer is designed to hold.
Background: Microsoft provides network virtualization in Hyper-V with Windows Server 2016 and 2019. With this feature, workloads on Hyper-V can connect to virtualized Layer 2 networks and traffic is routed between virtual networks in Hyper-V or to and from the physical network via gateways.
Vulnerability details: Windows Network Virtualization Remote Code Execution Vulnerability.
My speculation: The new SDN features starting from Windows Server 2016, because Network Controller uses Representational State Transfer (REST) on its northbound interface with JavaScript Object Notation (JSON) payloads.
As a matter of fact, it is possible to exploit heap overflow techniques in the JavaScript interpreter. Are the vulnerabilities reported by Microsoft related to this factor?
Official announcement: Please refer to the URL for details – https://nvd.nist.gov/vuln/detail/CVE-2024-38160