CVE-2018-25233

Summary

WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-overflow payload of 5000 bytes in the username parameter and trigger a connection test to cause the application to crash.

Affected Software

VendorProductVersion RangeStatus
WebdriveWebDrive18.00.5057affected

Weaknesses

  • CWE-233: Improper Handling of Parameters

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References