Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-0833NULL Pointer Dereference in Corporation Server Message Block

CWE-476NULL Pointer Dereference5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
74.5%
top 1.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Microsoft Corporation Server Message BlockMicrosoft Windows Server 2012Msrc Windows 8.1 FOR 32-bit Systems+3 more
Timeline
PublishedFeb 15
Latest updateMay 14

Description

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability".

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages6 packages

CVEListV5microsoft_corporation/server_message_blockWindows 8.1 and RT 8.1 and Windows Server 2012 R2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-m84f-8362-3v3c: The Microsoft Server Message Block 22022-05-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows 8.1/2012 R2 - SMBv3 Null Pointer Dereference Denial of Service2018-02-27

🔍Detection Rules

1
Suricata
ET EXPLOIT SMB Null Pointer Dereference PoC Inbound (CVE-2018-0833)2018-08-08

📋Vendor Advisories

1
Microsoft
Windows Denial of Service Vulnerability2018-02-13