CVE-2021-27203 - OpenCVE

In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Dekart	Private Disk

Configuration 1 [-]

cpe:2.3:a:dekart:private_disk:2.15:*:*:*:*:*:*:*

References

Link	Resource
https://www.dekart.com/products/encryption/private_disk	Product Vendor Advisory
https://www.rootshellsecurity.net/rootshell-discover-denial-of-service-flaw-dekart-private-disk-encryption-software/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-16T19:52:37

Updated: 2021-02-16T19:52:37

Reserved: 2021-02-12T00:00:00

Link: CVE-2021-27203

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-16T20:15:16.407

Modified: 2021-02-22T14:51:35.917

Link: CVE-2021-27203

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dekart:private_disk:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "513BACB0-D083-43E5-B3FB-7DBB00F6304A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing."}, {"lang": "es", "value": "En Dekart Private Disk versi\u00f3n 2.15, un uso no v\u00e1lido del b\u00fafer del usuario Type3 para c\u00f3digos IOCTL usando METHOD_NEITHER da como resultado una desreferencia de memoria arbitraria"}], "id": "CVE-2021-27203", "lastModified": "2021-02-22T14:51:35.917", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-16T20:15:16.407", "references": [{"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.dekart.com/products/encryption/private_disk"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.rootshellsecurity.net/rootshell-discover-denial-of-service-flaw-dekart-private-disk-encryption-software/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}