A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.
CVE-2019-1343
This medium-severity CVE scores 6.5 under NVD CVSS v3. EPSS exploit probability: 31.3%, top 3% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- Lower severity and no public exploit yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 6.5
- EG Score
- 6.5(medium)
- EPSS
- 95.1%
- KEV
- Not listed
Published
October 10, 2019
Last Modified
November 21, 2024
References (4)
- secure@microsofthttp://packetstormsecurity.com/files/154798/Microsoft-Windows-Kernel-nt-MiOffsetToProtos-NULL-Pointer-Dereference.html
- secure@microsofthttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343
- af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/154798/Microsoft-Windows-Kernel-nt-MiOffsetToProtos-NULL-Pointer-Dereference.html
- af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1343
All Vendor Advisories
(1)
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Publicly available exploits
(1 reference)Working exploit code is in the public domain (1 Exploit-DB entry). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-47485✓ verifiedFirst seen Oct 10, 2019
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Open source ↗
Frequently asked(5)
What is CVE-2019-1343?
When was CVE-2019-1343 disclosed?
Is CVE-2019-1343 actively exploited?
What is the CVSS score of CVE-2019-1343?
How do I remediate CVE-2019-1343?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2019-1343
Is Your Infrastructure Affected by CVE-2019-1343?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.