Vulnerabilities > CVE-2018-6319 - NULL Pointer Dereference vulnerability in Sophos Tester 3.2.0.7

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
local
low complexity
sophos
CWE-476

Summary

In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special DeviceIoControl code that doesn't check its argument. This argument is a memory address: if a caller passes a NULL pointer or a random invalid address, the driver will cause a Blue Screen of Death. If a program or malware does this at boot time, it can cause a persistent denial of service on the machine.

Vulnerable Configurations

Part Description Count
Application
Sophos
1

Common Weakness Enumeration (CWE)