Heap-based buffer overflow in Wibukey - CVE-2018-3991
Published: December 24, 2018
Vulnerability identifier: #VU16678
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-3991
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Wibu Systems
Affected software:
Wibukey
Wibukey
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow in the WkbProgramLow function of WibuKey Network server management when handling malicious input. A remote attacker can supply a specially crafted TCP package, trigger memory corruption and execute kernel level code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to heap-based buffer overflow in the WkbProgramLow function of WibuKey Network server management when handling malicious input. A remote attacker can supply a specially crafted TCP package, trigger memory corruption and execute kernel level code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2018-3991
Update to version 6.50.