CVE-2024-45182

Vulnerability

An improper bounds check vulnerability exists in the WibuKey64.sys driver of WIBU-SYSTEMS WibuKey versions before v6.70. The driver fails to properly validate packet boundaries, allowing specially crafted packets to trigger an arbitrary address read. This issue is fixed in version v6.70 [1].

Exploitation

An attacker can exploit this vulnerability by sending specially crafted packets to the WibuKey64.sys driver. The attacker does not require authentication but must have the ability to communicate with the driver, typically from a local process or over the network if the driver exposes an interface. The improper bounds check allows the attacker to cause the driver to read from an arbitrary memory address.

Impact

Successful exploitation results in an arbitrary address read, which can lead to a denial of service (DoS) condition. The driver may crash or become unresponsive, disrupting the software protection and licensing services provided by WibuKey.

Mitigation

The vulnerability is fixed in WibuKey version v6.70 [1]. Users should update to this version or later. No workarounds are disclosed in the available references. The vendor has not listed this CVE in the Known Exploited Vulnerabilities (KEV) catalog.