Buffer overflow in Windows filesystem driver (KB003)

Publication Date

2018 Dec 25


On Windows, the Keybase filesystem optionally mounts via drivers provided by the Dokan project. A stack-based buffer overflow in the Dokan driver was discovered by Parvez Anwar (@parvezghh) and reported by the CERT Coordination Center as CVE-2018-5410. Dokan was not checking the length of the path argument during mount.

The Fix

The immediate fix was the change "Fix Buffer Overflow by adding mount length path check". After Dokan released a version containing this fix, Keybase added the upgraded package version, added a check so that it does not mount with older drivers, and included both in a hotfix update, version 2.12.3-20181221135356+d161abd500.
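The kind of mount-path length validation described above, as an added example that is not Dokan's or Keybase's code. The request layout, the names `handle_mount` and `build_request`, and the 260-unit limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request format and names for illustration; not Dokan's real
 * structures: a 2-byte length (bytes of UTF-16 path) followed by the path. */
#define HDR_BYTES      sizeof(uint16_t)
#define MOUNT_PATH_MAX 260                 /* destination capacity, UTF-16 units */

enum mount_status { MOUNT_OK, MOUNT_TRUNCATED, MOUNT_BAD_LENGTH, MOUNT_PATH_TOO_LONG };

struct mount_state { uint16_t mount_point[MOUNT_PATH_MAX]; };

/* Validate a caller-supplied mount request, then copy the path. */
enum mount_status handle_mount(struct mount_state *st, const void *in, size_t in_len)
{
    uint16_t declared;

    /* 1. The header must be present before the length field is read. */
    if (in_len < HDR_BYTES)
        return MOUNT_TRUNCATED;
    memcpy(&declared, in, HDR_BYTES);

    /* 2. The declared length must be whole UTF-16 units and must not
     *    extend past the bytes the caller actually supplied. */
    if (declared % sizeof(uint16_t) != 0 || declared > in_len - HDR_BYTES)
        return MOUNT_BAD_LENGTH;

    /* 3. The path plus its terminator must fit the fixed-size destination.
     *    This is the kind of check the advisory says was missing. */
    if (declared > sizeof(st->mount_point) - sizeof(uint16_t))
        return MOUNT_PATH_TOO_LONG;

    memcpy(st->mount_point, (const unsigned char *)in + HDR_BYTES, declared);
    st->mount_point[declared / sizeof(uint16_t)] = 0;
    return MOUNT_OK;
}

/* Constructed test input: a request whose path is `units` copies of 'A'. */
size_t build_request(unsigned char *buf, size_t units, uint16_t declared)
{
    uint16_t a = 'A';
    memcpy(buf, &declared, HDR_BYTES);
    for (size_t i = 0; i < units; i++)
        memcpy(buf + HDR_BYTES + i * sizeof a, &a, sizeof a);
    return HDR_BYTES + units * sizeof a;
}
```

The three checks are ordered so that no caller-controlled field is used before the bytes backing it are known to exist, and the destination bound is compared against the buffer's own size rather than a separately maintained constant.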

Affected Versions

Keybase versions released prior to December 21, 2018 (commit 0752668), and prior to 2.12.3-20181221135356.


Upgrade to 2.12.3-20181221135356 or above, then follow the prompts to uninstall Dokan and install the newest version. Or, just install Dokan


  • 2018 December 11 — Dokan notifies Keybase of buffer overflow and upcoming release
  • 2018 December 20 — Dokan announces release ahead of publication by CERT
  • 2018 December 21 — New Keybase Windows release (2.12.3-20181221135356)
  • 2018 Dec 25 — This announcement