CVE-2018-19523: Buffer Overflow
First published: Thu Jan 03 2019(Updated: )
DriverAgent 2.2015.7.14, which includes DrvAgent64.sys 1.0.0.1, allows a user to send an IOCTL (0x80002068) with a user defined buffer size. If the size of the buffer is less than 512 bytes, then the driver will overwrite the next pool header if there is one next to the user buffer's pool.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jenkins Azure VM Agents | =2.2015.7.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-19523?
CVE-2018-19523 is classified as a medium severity vulnerability due to the potential for buffer overflow leading to memory corruption.
How do I fix CVE-2018-19523?
To mitigate CVE-2018-19523, upgrade to a version of DriverAgent that does not include DrvAgent64.sys 1.0.0.1.
What systems are affected by CVE-2018-19523?
CVE-2018-19523 affects DriverAgent version 2.2015.7.14 which contains the vulnerable DrvAgent64.sys driver.
What are the risks associated with CVE-2018-19523?
Exploitation of CVE-2018-19523 can lead to unauthorized access and control over the affected system due to memory corruption.
Can CVE-2018-19523 be exploited remotely?
CVE-2018-19523 typically requires local access to exploit, as it involves sending specific IOCTL commands to the driver.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/driveagent
- canonical/jenkins azure vm agents
- version/jenkins azure vm agents/2.2015.7.14