CVE-2018-3970

Published: Oct 25, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.

Affected (1)

Products: Sophos: Hitmanpro.alert

1 product

Hitmanpro.alert

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sophos Hitmanpro.alert	Version 3.7.6.744

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (4)

http://www.securityfocus.com/bid/105743

Source: talos-cna@cisco.com

Broken LinkThird Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635

Source: talos-cna@cisco.com

ExploitThird Party Advisory

http://www.securityfocus.com/bid/105743

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.