CVE-2019-3634 — Improper Restriction of Operations within the Bounds of a Memory Buffer in LLC Data Loss Prevention FOR Windows

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 86.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Data Loss Prevention FOR Windows Mcafee Data Loss Prevention Endpoint

Timeline

PublishedAug 21

Latest updateMay 24

Description

Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5mcafee_llc/data_loss_prevention_for_windows11.x — 11.3.2.8

▶NVDmcafee/data_loss_prevention_endpoint11.3.0 — 11.3.2.82

🔴Vulnerability Details

GHSA

GHSA-xvfh-6p3w-w7rr: Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11↗2022-05-24

▶

CVEList

Buffer overflow in DLP Endpoint for Windows↗2019-08-21

▶