How severe is CVE-2019-3973?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2019-3973?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2019-3973 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Comodo Antivirus versions 11.0.0.6582 and below are vulnerable to Denial of Service affecting CmdGuard.sys via its filter port "cmdServicePort". A low privileged process can crash CmdVirth.exe to decrease the port's connection count followed by process hollowing a CmdVirth.exe instance with malicious code to obtain a handle to "cmdServicePort". Once this occurs, a specially crafted message can be sent to "cmdServicePort" using "FilterSendMessage" API. This can trigger an out-of-bounds write if lpOutBuffer parameter in FilterSendMessage API is near the end of specified buffer bounds. The crash occurs when the driver performs a memset operation which uses a size beyond the size of buffer specified, causing kernel crash.

Related Vulnerabilities

CVE-2012-4900

MEDIUM

CVSS:5.5(Medium)

Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference

CWE-7872012

CVE-2015-5158

MEDIUM

CVSS:5.5(Medium)

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance cr...

CWE-7872015

CVE-2016-10246

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted f...

CWE-7872016

CVE-2016-10247

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cra...

CWE-7872016

CVE-2016-4289

MEDIUM

CVSS:5.5(Medium)

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflo...

CWE-7872016

CVE-2016-5310

MEDIUM

CVSS:5.5(Medium)

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec E...

CWE-7872016