The host is installed with Ivanti Avalanche 6.x before 6.4.2 and is prone to an out-of-bounds write vulnerability. A flaw is present in the applications which fails to properly crafted data packets sent to the Mobile Device Server. Successful exploitation allows attackers to cause denial of service (DoS) or code execution.