Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-16530

A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.

Published

2019-04-09T19:29:00.273

Last Modified

2024-11-21T03:52:55.660

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	forcepoint	email_security	8.5.0	Yes
Application	forcepoint	email_security	8.5.3	Yes

References

https://help.forcepoint.com/security/CVE/CVE-2018-16530.html Vendor Advisory ([email protected])
https://support.forcepoint.com/KBArticle?id=000016621 Permissions Required, Vendor Advisory ([email protected])
https://help.forcepoint.com/security/CVE/CVE-2018-16530.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.forcepoint.com/KBArticle?id=000016621 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)