VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-2cy7-4k5v-5kdh

Essentials
Severities (23)
References (77)
Severity details (17)
Exploits (2)
EPSS
History (1)

Vulnerability ID	VCID-2cy7-4k5v-5kdh
Aliases	CVE-2018-6065
Summary	Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status	Published
Exploitability	2.0
Weighted Severity	7.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
cvssv3.1	8.8	https://access.redhat.com/errata/RHSA-2018:0484
ssvc	Attend	https://access.redhat.com/errata/RHSA-2018:0484
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6065.json
epss	0.84842	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
epss	0.84842	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
epss	0.86853	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
epss	0.86853	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
epss	0.86853	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
epss	0.86853	https://api.first.org/data/v1/epss?cve=CVE-2018-6065
cvssv3.1	8.8	https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
ssvc	Attend	https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://crbug.com/808192
ssvc	Attend	https://crbug.com/808192
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2018-6065
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-6065
cvssv3.1	8.8	https://www.debian.org/security/2018/dsa-4182
ssvc	Attend	https://www.debian.org/security/2018/dsa-4182
cvssv3.1	8.8	https://www.exploit-db.com/exploits/44584/
ssvc	Attend	https://www.exploit-db.com/exploits/44584/
cvssv3.1	8.8	https://www.zerodayinitiative.com/advisories/ZDI-19-367/
ssvc	Attend	https://www.zerodayinitiative.com/advisories/ZDI-19-367/
cvssv3.1	8.8	http://www.securityfocus.com/bid/103297
ssvc	Attend	http://www.securityfocus.com/bid/103297

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6065.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-6065
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6056
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6057
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6060
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6061
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6062
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6063
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6064
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6065
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6066
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6067
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6068
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6069
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6070
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6071
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6072
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6073
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6074
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6075
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6076
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6077
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6078
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6079
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6080
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6081
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6082
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6083
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6085
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6086
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6087
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6088
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6089
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6090
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6091
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6092
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6093
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6094
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6095
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6096
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6097
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6098
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6099
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6100
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6101
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6102
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6103
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6104
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6105
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6106
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6107
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6108
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6109
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6110
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6111
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6112
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6113
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6114
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6116
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6117
103297		http://www.securityfocus.com/bid/103297
1552482		https://bugzilla.redhat.com/show_bug.cgi?id=1552482
44584		https://www.exploit-db.com/exploits/44584/
808192		https://crbug.com/808192
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:a:mi:mi6_browser:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mi:mi6_browser:-:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
CVE-2018-6065	Exploit	https://bugs.chromium.org/p/project-zero/issues/detail?id=1526
CVE-2018-6065	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/44584.txt
CVE-2018-6065		https://nvd.nist.gov/vuln/detail/CVE-2018-6065
dsa-4182		https://www.debian.org/security/2018/dsa-4182
RHSA-2018:0484		https://access.redhat.com/errata/RHSA-2018:0484
stable-channel-update-for-desktop.html		https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html
ZDI-19-367		https://www.zerodayinitiative.com/advisories/ZDI-19-367/

Data source	Exploit-DB
Date added	May 4, 2018
Description	Google Chrome V8 - Object Allocation Size Integer Overflow
Ransomware campaign use	Known
Source publication date	May 4, 2018
Exploit type	remote
Platform	multiple
Source update date	May 4, 2018
Source URL	https://bugs.chromium.org/p/project-zero/issues/detail?id=1526

Data source	KEV
Date added	June 8, 2022
Description	Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	June 22, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2018-6065
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:0484

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://access.redhat.com/errata/RHSA-2018:0484

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6065.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/808192

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://crbug.com/808192

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-6065

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-6065

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4182

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://www.debian.org/security/2018/dsa-4182

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/44584/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://www.exploit-db.com/exploits/44584/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.zerodayinitiative.com/advisories/ZDI-19-367/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at https://www.zerodayinitiative.com/advisories/ZDI-19-367/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/103297

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:27Z/ Found at http://www.securityfocus.com/bid/103297

Exploit Prediction Scoring System (EPSS)

Percentile	0.99306
EPSS Score	0.84842
Published At	Aug. 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:48:52.314372+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2018/6xxx/CVE-2018-6065.json	37.0.0