Lucene search

MitreCVE-2019-14941

HistoryApr 27, 2020 - 5:15 p.m.

CVE-2019-14941

2020-04-2717:15:13

CWE-770

mitre

web.nvd.nist.gov

shareit

cve-2019

security

denial of service

memory allocation

vulnerability

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.8%

JSON

SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.

Affected configurations

Nvd

Node

ushareitshareitRange≤4.0.6.177windows

VendorProductVersionCPE
ushareitshareit*cpe:2.3:a:ushareit:shareit:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
ushareit	shareit	*	cpe:2.3:a:ushareit:shareit::::::windows::*

References

github.com/nathunandwani/shareit-cwe-789

shareit.one/blog/

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

48.8%

JSON

Related for CVE-2019-14941