CVE-2018-25233

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions WebDrive version 18.00.5057

Description WebDrive 18.00.5057 contains a denial of service issue that allows local attackers to crash the application. This occurs by providing an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, limit the length of the username input field during Secure WebDAV connection setup.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-233

Related Identifiers

CVE-2018-25233

Affected Products

Webdrive

CVE-2018-25233

Weakness Enumeration

Related Identifiers

Affected Products

References · 6