Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106274 | Third Party Advisory VDB Entry |
https://cwe.mitre.org/data/definitions/121.html | Third Party Advisory |
https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 | Patch Third Party Advisory |
https://kb.cert.org/vuls/id/741315/ | Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/46155/ | Exploit Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/106274 | Third Party Advisory VDB Entry |
https://cwe.mitre.org/data/definitions/121.html | Third Party Advisory |
https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 | Patch Third Party Advisory |
https://kb.cert.org/vuls/id/741315/ | Third Party Advisory US Government Resource |
https://www.exploit-db.com/exploits/46155/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/106274 - Third Party Advisory, VDB Entry | |
References | () https://cwe.mitre.org/data/definitions/121.html - Third Party Advisory | |
References | () https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 - Patch, Third Party Advisory | |
References | () https://kb.cert.org/vuls/id/741315/ - Third Party Advisory, US Government Resource | |
References | () https://www.exploit-db.com/exploits/46155/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2019-01-07 13:29
Updated : 2024-11-21 04:08
NVD link : CVE-2018-5410
Mitre link : CVE-2018-5410
CVE.ORG link : CVE-2018-5410
JSON object : View
Products Affected
dokan_project
- dokan