CVE-2018-16530

Published: Apr 9, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.

Affected (2)

Products: Forcepoint: Email Security

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Forcepoint Email Security	Version 8.5.0
Forcepoint Email Security	Version 8.5.3

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (4)

https://help.forcepoint.com/security/CVE/CVE-2018-16530.html

Source: psirt@forcepoint.com

Vendor Advisory

https://support.forcepoint.com/KBArticle?id=000016621

Source: psirt@forcepoint.com

Permissions RequiredVendor Advisory

https://help.forcepoint.com/security/CVE/CVE-2018-16530.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://support.forcepoint.com/KBArticle?id=000016621

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.