CVE-2018-5410 (GCVE-0-2018-5410)
Vulnerability from cvelistv5
Published
2019-01-07 14:00
Modified
2024-08-05 05:33
Severity ?
CWE
  • CWE-121 - Stack-based Buffer Overflow
Summary
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
References
Impacted products
Vendor Product Version
Dokan Open Source File System Version: 1.0.0.5000   < 1.0.0.5000*
Version: 1.2.0.1000   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.211Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#741315",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://kb.cert.org/vuls/id/741315/"
          },
          {
            "name": "46155",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46155/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cwe.mitre.org/data/definitions/121.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000"
          },
          {
            "name": "106274",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106274"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Open Source File System",
          "vendor": "Dokan",
          "versions": [
            {
              "lessThan": "1.0.0.5000*",
              "status": "affected",
              "version": "1.0.0.5000",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "1.2.0.1000",
              "status": "affected",
              "version": "1.2.0.1000",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Thanks to Parvez Anwar for reporting this vulnerability."
        }
      ],
      "datePublic": "2019-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-15T10:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#741315",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://kb.cert.org/vuls/id/741315/"
        },
        {
          "name": "46155",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46155/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cwe.mitre.org/data/definitions/121.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000"
        },
        {
          "name": "106274",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106274"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Dokan file system driver contains a stack-based buffer overflow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5410",
          "STATE": "PUBLIC",
          "TITLE": "Dokan file system driver contains a stack-based buffer overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Open Source File System",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "version_affected": "\u003e=",
                            "version_name": "1.0.0.5000",
                            "version_value": "1.0.0.5000"
                          },
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "1.2.0.1000",
                            "version_value": "1.2.0.1000"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dokan"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Thanks to Parvez Anwar for reporting this vulnerability."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-121: Stack-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#741315",
              "refsource": "CERT-VN",
              "url": "https://kb.cert.org/vuls/id/741315/"
            },
            {
              "name": "46155",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46155/"
            },
            {
              "name": "https://cwe.mitre.org/data/definitions/121.html",
              "refsource": "MISC",
              "url": "https://cwe.mitre.org/data/definitions/121.html"
            },
            {
              "name": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000",
              "refsource": "CONFIRM",
              "url": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000"
            },
            {
              "name": "106274",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106274"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5410",
    "datePublished": "2019-01-07T14:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.211Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-5410\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2019-01-07T13:29:00.280\",\"lastModified\":\"2024-11-21T04:08:46.063\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.\"},{\"lang\":\"es\",\"value\":\"Dokan, desde la versi\u00f3n 1.0.0.5000 hasta la 1.2.0.1000, es vulnerable a un desbordamiento de b\u00fafer basado en pila en el controlador dokan1.sys. Un atacante podr\u00eda crear un manejador de dispositivo en el controlador del sistema y enviar entradas arbitrarias que provocar\u00e1n esta vulnerabilidad. Se introdujo esta vulnerabilidad en la actualizaci\u00f3n de la versi\u00f3n 1.0.0.5000.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-121\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dokan_project:dokan:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0.5000\",\"versionEndExcluding\":\"1.2.0.1000\",\"matchCriteriaId\":\"EA11C5CE-2221-4DA0-8A90-73C1BF2F7113\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106274\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cwe.mitre.org/data/definitions/121.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/741315/\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/46155/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/106274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cwe.mitre.org/data/definitions/121.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://kb.cert.org/vuls/id/741315/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.exploit-db.com/exploits/46155/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.