| Titel | Uncontrolled Memory Allocation on ShareIt 4.0.6.177 for Windows |
|---|
| Beschreibung | A vulnerability classified as problematic has been found in ShareIt x.x.x.x for Windows. This affects the unsecured and secured channel for file transfers. A specially crafted packet can be sent to instruct the application to allocate an arbitrary memory size. CWE is classifying the issue as CWE-789 . This is going to have an impact on availability. An attacker might be able to exploit the vulnerability by sending a malicious packet to theoretically allocate memory of up to 2 GB while the application is running affecting the resources of the host.
This vulnerability is uniquely identified as CVE-2019-14941 for the unsecured channel and CVE-2019-15234 for the secured channel. It is possible to initiate the attack in a logically adjacent network. No authentication is needed for exploitation.
A public exploit is shared for download at github.com (https://github.com/nathunandwani/shareit-cwe-789). It is declared as proof-of-concept. No patch is available from the vendor. It is recommended to close the application when not in use. |
|---|
| Quelle | ⚠️ https://github.com/nathunandwani/shareit-cwe-789 |
|---|
| Benutzer | nathunandwani (UID 862) |
|---|
| Einreichung | 24.04.2020 19:22 (vor 6 Jahren) |
|---|
| Moderieren | 28.04.2020 10:02 (4 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 154420 [SHAREit bis 4.0.6.177 Message Length Packet Denial of Service] |
|---|
| Punkte | 20 |
|---|