Vulnerability Description
Dokan versions between 1.0.0.5000 and 1.2.0.1000 are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokan-Dev | Dokany | >= 1.0.0.5000, < 1.2.0.1000 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106274 (Third Party Advisory, VDB Entry)
- https://cwe.mitre.org/data/definitions/121.html (Third Party Advisory)
- https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000 (Patch, Third Party Advisory)
- https://kb.cert.org/vuls/id/741315/ (Third Party Advisory, US Government Resource)
- https://www.exploit-db.com/exploits/46155/ (Exploit, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-5410?
CVE-2018-5410 is a vulnerability with a CVSS score of 7.8 (HIGH). Dokan versions between 1.0.0.5000 and 1.2.0.1000 are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitr...
How severe is CVE-2018-5410?
CVE-2018-5410 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-5410?
Check the references section above for vendor advisories and patch information. Affected products include: Dokan-Dev Dokany.