CVE-2018-3970
4
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return uninitialized memory, resulting in kernel memory disclosure. An attacker can send an IRP request to trigger this vulnerability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Talos | Sophos | Sophos Hitmanro.Alert - hmpalert.sys 3.7.6.744 | affected |
Weaknesses
- memory disclosure
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/105743
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635
References
- http://www.securityfocus.com/bid/105743
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0635
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.