{"api_version":"1","generated_at":"2026-07-14T17:42:58+00:00","cve":"CVE-2018-6919","urls":{"html":"https://cve.report/CVE-2018-6919","api":"https://cve.report/api/cve/CVE-2018-6919.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6919","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6919"},"summary":{"title":"CVE-2018-6919","description":"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.","state":"PUBLIC","assigner":"secteam@freebsd.org","published_at":"2018-04-04 14:29:00","updated_at":"2018-05-24 18:01:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/103760","name":"103760","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"FreeBSD CVE-2018-6919 Multiple Local Information Disclosure Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc","name":"https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc","refsource":"CONFIRM","tags":["Mitigation","Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6919","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6919","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6919","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"6919","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"freebsd","cpe5":"freebsd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secteam@freebsd.org","DATE_PUBLIC":"2018-04-04T00:00:00","ID":"CVE-2018-6919","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"FreeBSD","version":{"version_data":[{"version_value":"All supported versions of FreeBSD."}]}}]},"vendor_name":"FreeBSD"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Kernel memory disclosure"}]}]},"references":{"reference_data":[{"name":"103760","refsource":"BID","url":"http://www.securityfocus.com/bid/103760"},{"name":"https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc","refsource":"CONFIRM","url":"https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc"}]}},"nvd":{"publishedDate":"2018-04-04 14:29:00","lastModifiedDate":"2018-05-24 18:01:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0","versionEndExcluding":"11.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0","versionEndExcluding":"10.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6919","Ordinal":"123140","Title":"CVE-2018-6919","CVE":"CVE-2018-6919","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6919","Ordinal":"1","NoteData":"In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6919","Ordinal":"2","NoteData":"2018-04-04","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6919","Ordinal":"3","NoteData":"2018-04-17","Type":"Other","Title":"Modified"}]}}}