Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by rawether_project

    CVE-2017-3196 (GCVE-0-2017-3196)

    Vulnerability from nvd – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Date Public
    2017-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.rewolf.pl/blog/?p=1778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
              },
              {
                "name": "VU#600671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/600671"
              },
              {
                "name": "96993",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96993/discuss"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASUS PCE-AC56 WLAN Card Utilities",
              "vendor": "Printing Communications Assoc., Inc. (PCAUSA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Unknown"
                }
              ]
            }
          ],
          "datePublic": "2017-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver\u0027s receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T13:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.rewolf.pl/blog/?p=1778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
            },
            {
              "name": "VU#600671",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/600671"
            },
            {
              "name": "96993",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96993/discuss"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2017-3196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASUS PCE-AC56 WLAN Card Utilities",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Unknown"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver\u0027s receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blog.rewolf.pl/blog/?p=1778",
                  "refsource": "MISC",
                  "url": "http://blog.rewolf.pl/blog/?p=1778"
                },
                {
                  "name": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
                },
                {
                  "name": "VU#600671",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/600671"
                },
                {
                  "name": "96993",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96993/discuss"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2017-3196",
        "datePublished": "2017-12-15T14:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:28.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3196 (GCVE-0-2017-3196)

    Vulnerability from cvelistv5 – Published: 2017-12-15 14:00 – Updated: 2024-08-05 14:16
    VLAI
    Summary
    PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver's receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
    Assigner
    References
    Date Public
    2017-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.rewolf.pl/blog/?p=1778"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
              },
              {
                "name": "VU#600671",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/600671"
              },
              {
                "name": "96993",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96993/discuss"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "ASUS PCE-AC56 WLAN Card Utilities",
              "vendor": "Printing Communications Assoc., Inc. (PCAUSA)",
              "versions": [
                {
                  "status": "affected",
                  "version": "Unknown"
                }
              ]
            }
          ],
          "datePublic": "2017-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver\u0027s receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-119",
                  "description": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-15T13:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.rewolf.pl/blog/?p=1778"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
            },
            {
              "name": "VU#600671",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "https://www.kb.cert.org/vuls/id/600671"
            },
            {
              "name": "96993",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96993/discuss"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2017-3196",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "ASUS PCE-AC56 WLAN Card Utilities",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Unknown"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Printing Communications Assoc., Inc. (PCAUSA)"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "PCAUSA Rawether framework does not properly validate BPF data, allowing a crafted malicious BPF program to perform operations on memory outside of its typical bounds on the driver\u0027s receipt of network packets. Local attackers can exploit this issue to execute arbitrary code with SYSTEM privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blog.rewolf.pl/blog/?p=1778",
                  "refsource": "MISC",
                  "url": "http://blog.rewolf.pl/blog/?p=1778"
                },
                {
                  "name": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.itsecuritynews.info/vuln-printing-communications-association-rawether-cve-2017-3196-local-privilege-escalation-vulnerability/"
                },
                {
                  "name": "VU#600671",
                  "refsource": "CERT-VN",
                  "url": "https://www.kb.cert.org/vuls/id/600671"
                },
                {
                  "name": "96993",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96993/discuss"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2017-3196",
        "datePublished": "2017-12-15T14:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T14:16:28.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }