CVE-2019-25546

CVSS v3.1

6.2

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions NetAware version 1.20

Description NetAware version 1.20 includes a buffer overflow issue in the Share Name field. Local attackers can exploit this to crash the application by providing a string that is too long. Specifically, attackers can cause a denial of service by inputting a 1000-byte buffer into the Share Name parameter when adding a new share through the Manage Shares interface.

Recommendations Apply a fix that limits the length of the Share Name parameter to prevent excessively long strings from being processed.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2019-25546

Affected Products

Netware

CVE-2019-25546

Weakness Enumeration

Related Identifiers

Affected Products

References · 4