CVE-2018-16530
Summary
| CVE | CVE-2018-16530 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-04-09 19:29:00 UTC |
| Updated | 2022-10-28 19:22:00 UTC |
| Description | A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Forcepoint | Email Security | All | All | All | All |
| Application | Forcepoint | Email Security | 8.5.0 | All | All | All |
| Application | Forcepoint | Email Security | 8.5.3 | All | All | All |
| Application | Forcepoint | Email Security | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory: Buffer Overflow Vulnerability in Email Security (CVE-2018-16530) | MISC | help.forcepoint.com | |
| KB Article \| Forcepoint Support | MISC | support.forcepoint.com | Mitigation, Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.