PT-2019-13163 · Naver · Naver Cloud Explorer+1

F10W3R

Published

2019-09-03

Updated

2020-10-08

CVE-2019-13156

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Naver Cloud Explorer version 1.2.2

Description The issue is related to a stack-based buffer overflow in the NDrive(1.2.2).sys component. This overflow occurs when reading data from an IOCTL handle, allowing attackers to cause a denial of service.

Recommendations For version 1.2.2, consider restricting access to the NDrive(1.2.2).sys component until a patch is available. As a temporary workaround, avoid using the IOCTL handle that triggers the buffer overflow to minimize the risk of exploitation.

Fix

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

CVE-2019-13156

Affected Products

Ndrive.Sys

Naver Cloud Explorer

PT-2019-13163 · Naver · Naver Cloud Explorer+1

CVE-2019-13156

Weakness Enumeration

Related Identifiers

Affected Products

References · 2