ID CVE-2018-16530
Summary A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
References
Vulnerable Configurations
  • cpe:2.3:a:forcepoint:email_security:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:forcepoint:email_security:8.5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 28-10-2022 - 19:22)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
misc https://support.forcepoint.com/KBArticle?id=000016621
Last major update 28-10-2022 - 19:22
Published 09-04-2019 - 19:29
Last modified 28-10-2022 - 19:22