CVE-2018-16530
CVE-2018-16530 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. EPSS estimates a 3.44% chance of exploitation in the next 30 days.
Description
A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Prevention (DEP) is already enabled on the Email appliance as a risk mitigation.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Forcepoint | Email Security | 8.5.0 |
| Forcepoint | Email Security | 8.5.3 |
References
- https://help.forcepoint.com/security/CVE/CVE-2018-16530.html (Vendor Advisory)
- https://support.forcepoint.com/KBArticle?id=000016621 (Permissions Required, Vendor Advisory)
Source: NVD / NIST
