CVE-2019-3846

Exploit

EPSS 0.38%
Veröffentlicht 03.06.2019 19:29:02
Zuletzt bearbeitet 21.11.2024 04:42:41
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 31

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 3.0 < 3.16.70

Linux ≫ Linux Kernel Version >= 3.17 < 4.4.186

Linux ≫ Linux Kernel Version >= 4.5 < 4.9.186

Linux ≫ Linux Kernel Version >= 4.10 < 4.14.134

Linux ≫ Linux Kernel Version >= 4.15 < 4.19.59

Linux ≫ Linux Kernel Version >= 4.20 < 5.1.18

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version19.04

Netapp ≫ A700s Firmware Version-

Netapp ≫ A700s Version-

Netapp ≫ Cn1610 Firmware Version-

Netapp ≫ Cn1610 Version-

Netapp ≫ H610s Firmware Version-

Netapp ≫ H610s Version-

Netapp ≫ Active Iq Unified Manager For Vmware Vsphere Version >= 9.5

Netapp ≫ Hci Management Node Version-

Netapp ≫ Solidfire Version-

Fedoraproject ≫ Fedora Version29

Fedoraproject ≫ Fedora Version30

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Opensuse ≫ Leap Version15.0

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version42.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	8.3	6.5	10	AV:A/AC:L/Au:N/C:C/I:C/A:C
secalert@redhat.com	8	2.1	5.9	CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4094-1/

Third Party Advisory

https://usn.ubuntu.com/4118-1/

Third Party Advisory