CVE-2019-11490

Published: Apr 24, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Npcap 0.992. Sending a malformed .pcap file with the loopback adapter using either pcap_sendqueue_queue() or pcap_sendqueue_transmit() results in kernel pool corruption. This could lead to arbitrary code executing inside the Windows kernel and allow escalation of privileges.

Affected (1)

Products: Nmap: Npcap

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Nmap Npcap	Version 0.992

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (2)

https://github.com/nmap/nmap/issues/1568

Source: cve@mitre.org

ExploitIssue TrackingPatchThird Party Advisory

https://github.com/nmap/nmap/issues/1568

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.