CVE-2018-6319
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.
Timeline
- 2018-01-26 CVE Reserved
- 2018-02-02 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-476: NULL Pointer Dereference
References (1)
URL | Tag | Source |
---|---|---|
https://29wspy.ru/exploits/CVE-2018-6319.pdf | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sophos | Sophos Tester | 3.2.0.7 | beta | Affected |