ID CVE-2018-5410
Summary Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
References
Vulnerable Configurations
  • cpe:2.3:a:dokan_project:dokan:1.0.0.5000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.0.1.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.0.2.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.0.3.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.0.4.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.0.5.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.1.0.1000:*:*:*:*:*:*:*
  • cpe:2.3:a:dokan_project:dokan:1.1.0.2000:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 18-09-2020 - 16:50)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 106274
cert-vn VU#741315
confirm https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000
exploit-db 46155
misc https://cwe.mitre.org/data/definitions/121.html
Last major update 18-09-2020 - 16:50
Published 07-01-2019 - 13:29
Last modified 18-09-2020 - 16:50