CVE-2019-15234 — HIGH (7.5)

Q: How severe is CVE-2019-15234?

CVE-2019-15234 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-15234?

Check the references section above for vendor advisories and patch information. Affected products include: Ushareit Shareit.

Vulnerability Description

SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ushareit	Shareit	<= 4.0.6.177

Related Weaknesses (CWE)

CWE-770

References

https://github.com/nathunandwani/shareit-cwe-789ExploitThird Party Advisory
https://shareit.one/blog/Vendor Advisory
https://github.com/nathunandwani/shareit-cwe-789ExploitThird Party Advisory
https://shareit.one/blog/Vendor Advisory

FAQ

What is CVE-2019-15234?

CVE-2019-15234 is a vulnerability with a CVSS score of 7.5 (HIGH). SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of serv...

How severe is CVE-2019-15234?

CVE-2019-15234 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-15234?

Check the references section above for vendor advisories and patch information. Affected products include: Ushareit Shareit.