| Title | Uncontrolled Memory Allocation on ShareIt 4.0.6.177 for Windows |
|---|
| Description | A vulnerability classified as problematic has been found in ShareIt x.x.x.x for Windows. This affects the unsecured and secured channel for file transfers. A specially crafted packet can be sent to instruct the application to allocate an arbitrary memory size. CWE is classifying the issue as CWE-789 . This is going to have an impact on availability. An attacker might be able to exploit the vulnerability by sending a malicious packet to theoretically allocate memory of up to 2 GB while the application is running affecting the resources of the host.
This vulnerability is uniquely identified as CVE-2019-14941 for the unsecured channel and CVE-2019-15234 for the secured channel. It is possible to initiate the attack in a logically adjacent network. No authentication is needed for exploitation.
A public exploit is shared for download at github.com (https://github.com/nathunandwani/shareit-cwe-789). It is declared as proof-of-concept. No patch is available from the vendor. It is recommended to close the application when not in use. |
|---|
| Source | ⚠️ https://github.com/nathunandwani/shareit-cwe-789 |
|---|
| User | nathunandwani (UID 862) |
|---|
| Submission | 04/24/2020 19:22 (6 years ago) |
|---|
| Moderation | 04/28/2020 10:02 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 154420 [SHAREit up to 4.0.6.177 Message Length Packet resource consumption] |
|---|
| Points | 20 |
|---|