Lucene search

[email protected]CVE-2018-5410

HistoryJan 07, 2019 - 2:00 p.m.

CVE-2018-5410

2019-01-0714:00:00

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

dokan

cve-2018-5410

buffer overflow

security vulnerability

dokan1.sys

nvd

dokan version

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.3%

JSON

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.

Affected configurations

NVD

Node

dokan_projectdokanRange1.0.0.5000–1.2.0.1000

CPENameOperatorVersion
dokan_project:dokandokan project dokanlt1.2.0.1000

CPE	Name	Operator	Version
dokan_project:dokan	dokan project dokan	lt	1.2.0.1000

CNA Affected

[
  {
    "product": "Open Source File System",
    "vendor": "Dokan",
    "versions": [
      {
        "lessThan": "1.0.0.5000*",
        "status": "affected",
        "version": "1.0.0.5000",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.2.0.1000",
        "status": "affected",
        "version": "1.2.0.1000",
        "versionType": "custom"
      }
    ]
  }
]