CVE-2018-11488

Published: May 29, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request.

Affected (1)

Products: Dtsearch: Dtsearch

Dtsearch

1 product

Dtsearch

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dtsearch Dtsearch	Up to 7.90.8538.1

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (6)

https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.dtsearch.com/ReleaseNotes.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://www.dtsearch.com/ReleaseNotesBeta.html

Source: cve@mitre.org

Release NotesVendor Advisory

https://github.com/bitsadmin/exploits/tree/master/CVE-2018-11488

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.dtsearch.com/ReleaseNotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.dtsearch.com/ReleaseNotesBeta.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.