Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106274 | Third Party Advisory VDB Entry |
https://cwe.mitre.org/data/definitions/121.html | Third Party Advisory |
https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 | Patch Third Party Advisory |
https://kb.cert.org/vuls/id/741315/ | Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/46155/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2019-01-07 13:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-5410
Mitre link : CVE-2018-5410
CVE.ORG link : CVE-2018-5410
JSON object : View
Products Affected
dokan_project
- dokan