MidnightBSD

Advisories for dokan-dev

CVE-2018-20029 MEDIUM

The nxfs.sys driver in the DokanFS library 0.6.0 in NoMachine before 6.4.6 on Windows 10 allows local users to cause a denial of service (BSOD) because uninitialized memory can be read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-908,

Products Affected

Vendor Product Version
nomachine nomachine *
dokan-dev dokanfs 0.6.0
dokan-dev dokany 0.6.0
CVE-2018-5410 HIGH

Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-121,CWE-787,

Products Affected

Vendor Product Version
dokan-dev dokany *
dokan_project dokan *