RSS   Podatności dla 'Shareit'   RSS

2020-04-27
 
CVE-2019-15234

CWE-400
 

 
SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941.

 
 
CVE-2019-14941

CWE-400
 

 
SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation.

 
2019-03-22
 
CVE-2019-9939

CWE-287
 

 
The SHAREit application before 4.0.36 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to bypass authentication by trying to fetch a non-existing page. When the non-existing page is requested, the application responds with a 200 status code and empty page, and adds the requesting client device into the list of recognized devices.

 


Copyright 2024, cxsecurity.com

 

Back to Top