exploitDog

CVE-2019-15234

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.8

EPSS Низкий

Описание

SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.

Ссылки

https://github.com/nathunandwani/shareit-cwe-789
Exploit
Third Party Advisory
https://shareit.one/blog/
Vendor Advisory
https://github.com/nathunandwani/shareit-cwe-789
Exploit
Third Party Advisory
https://shareit.one/blog/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ushareit:shareit:*:*:*:*:*:windows:*:*

Версия до 4.0.6.177 (включая)

EPSS

Процентиль: 58%

0.00367

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-770

Связанные уязвимости

GHSA-5j4x-8x28-q6r2

CVSS3: 7.5

github

больше 3 лет назад

SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.

EPSS

Процентиль: 58%

0.00367

Низкий

7.5 High

CVSS3

7.8 High

CVSS2

Дефекты

CWE-770