CVE-2023-0908 - OpenCVE

A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:L/Au:S/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xoslab	Easy File Locker

Configuration 1 [-]

cpe:2.3:a:xoslab:easy_file_locker:2.2.0.184:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-0908
https://vuldb.com/?ctiid.221457
https://vuldb.com/?id.221457

History

No history.

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2023-02-18T07:55:18.522Z

Updated: 2024-08-02T05:24:34.717Z

Reserved: 2023-02-18T07:54:56.843Z

Link: CVE-2023-0908

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-18T08:15:42.657

Modified: 2024-05-17T02:17:38.403

Link: CVE-2023-0908

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0908", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-02-18T07:54:56.843Z", "datePublished": "2023-02-18T07:55:18.522Z", "dateUpdated": "2024-08-02T05:24:34.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-20T21:21:17.306Z"}, "title": "Xoslab Easy File Locker xlkfs.sys MessageNotifyCallback denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Denial of Service"}]}], "affected": [{"vendor": "Xoslab", "product": "Easy File Locker", "versions": [{"version": "2.2.0.184", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Xoslab Easy File Locker 2.2.0.184 gefunden. Es geht dabei um die Funktion MessageNotifyCallback in der Bibliothek xlkfs.sys. Mittels dem Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C"}}], "timeline": [{"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-02-18T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-02-18T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-03-23T08:08:30.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Zeze7w (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.221457", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.221457", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-0908", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:24:34.717Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.221457", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.221457", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-0908", "tags": ["exploit", "x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xoslab:easy_file_locker:2.2.0.184:*:*:*:*:*:*:*", "matchCriteriaId": "9C72BD2D-77A7-4C0C-A794-405695DD13EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability."}], "id": "CVE-2023-0908", "lastModified": "2024-05-17T02:17:38.403", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 4.6, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-02-18T08:15:42.657", "references": [{"source": "cna@vuldb.com", "tags": ["Third Party Advisory"], "url": "https://github.com/zeze-zeze/WindowsKernelVuln/tree/master/CVE-2023-0908"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.221457"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.221457"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}