Vulnerability-Lookup

CNVD-2020-32882

Vulnerability from cnvd - Published: 2020-06-13

Title

SHAREit资源管理错误漏洞（CNVD-2020-32882）

Description

SHAREit是中国众联极享科技（SHAREit）公司的一款内容分发应用程序。该程序主要用于设备之间的文件传输。 SHAREit 4.0.6.177及之前版本中存在安全漏洞，该漏洞源于程序未能检查所接收数据包头中的主体长度。攻击者可利用该漏洞造成拒绝服务。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://shareit.one/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-14941

Impacted products

Name
SHAREit SHAREit <=4.0.6.177

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-14941"
    }
  },
  "description": "SHAREit\u662f\u4e2d\u56fd\u4f17\u8054\u6781\u4eab\u79d1\u6280\uff08SHAREit\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5185\u5bb9\u5206\u53d1\u5e94\u7528\u7a0b\u5e8f\u3002\u8be5\u7a0b\u5e8f\u4e3b\u8981\u7528\u4e8e\u8bbe\u5907\u4e4b\u95f4\u7684\u6587\u4ef6\u4f20\u8f93\u3002\n\nSHAREit 4.0.6.177\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u68c0\u67e5\u6240\u63a5\u6536\u6570\u636e\u5305\u5934\u4e2d\u7684\u4e3b\u4f53\u957f\u5ea6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://shareit.one/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-32882",
  "openTime": "2020-06-13",
  "products": {
    "product": "SHAREit SHAREit \u003c=4.0.6.177"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-14941",
  "serverity": "\u9ad8",
  "submitTime": "2020-04-28",
  "title": "SHAREit\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-32882\uff09"
}

CVE-2019-14941 (GCVE-0-2019-14941)

Vulnerability from cvelistv5 – Published: 2020-04-27 16:08 – Updated: 2024-08-05 00:34

Summary

SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://shareit.one/blog/	x_refsource_MISC
	https://github.com/nathunandwani/shareit-cwe-789	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:34:52.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://shareit.one/blog/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nathunandwani/shareit-cwe-789"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-27T16:08:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://shareit.one/blog/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nathunandwani/shareit-cwe-789"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://shareit.one/blog/",
              "refsource": "MISC",
              "url": "https://shareit.one/blog/"
            },
            {
              "name": "https://github.com/nathunandwani/shareit-cwe-789",
              "refsource": "MISC",
              "url": "https://github.com/nathunandwani/shareit-cwe-789"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14941",
    "datePublished": "2020-04-27T16:08:24",
    "dateReserved": "2019-08-11T00:00:00",
    "dateUpdated": "2024-08-05T00:34:52.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-32882

CVE-2019-14941 (GCVE-0-2019-14941)

Tags

Sightings

Nomenclature