Vulnerability Details: CVE-2018-16530
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
Vulnerability category: Overflow, Memory Corruption, Execute code, Denial of service
Products affected by CVE-2018-16530
- cpe:2.3:a:forcepoint:email_security:8.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:forcepoint:email_security:8.5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-16530
- EPSS score: 3.01% (probability of exploitation activity in the next 30 days)
- Percentile: ~85% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-16530
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2018-16530
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-16530
- https://help.forcepoint.com/security/CVE/CVE-2018-16530.html (Vendor Advisory)
- https://support.forcepoint.com/KBArticle?id=000016621 (KB Article | Forcepoint Support; Permissions Required; Vendor Advisory)