VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-bafk-vevf-aaac

Essentials
Severities (139)
References (51)
Severity details (65)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-bafk-vevf-aaac
Aliases	CVE-2018-17480
Summary	Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
generic_textual	Untriaged	http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17480.html
cvssv3.1	8.8	https://access.redhat.com/errata/RHSA-2018:3803
cvssv3.1	8.8	https://access.redhat.com/errata/RHSA-2018:3803
ssvc	Attend	https://access.redhat.com/errata/RHSA-2018:3803
ssvc	Attend	https://access.redhat.com/errata/RHSA-2018:3803
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json
epss	0.30285	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.38807	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.38807	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.38807	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.38807	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.39964	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42081	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.42937	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.44463	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45305	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.45641	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.68337	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86659	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86783	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.86783	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.89875	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.89875	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.89875	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
epss	0.89875	https://api.first.org/data/v1/epss?cve=CVE-2018-17480
rhbs	high	https://bugzilla.redhat.com/show_bug.cgi?id=1656547
cvssv3.1	8.8	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
generic_textual	Medium	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
ssvc	Attend	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
ssvc	Attend	https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://crbug.com/905940
cvssv3.1	8.8	https://crbug.com/905940
ssvc	Attend	https://crbug.com/905940
ssvc	Attend	https://crbug.com/905940
generic_textual	Untriaged	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20065
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20066
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20067
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20068
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20070
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
archlinux	Critical	https://security.archlinux.org/AVG-824
cvssv3.1	8.8	https://security.gentoo.org/glsa/201908-18
cvssv3.1	8.8	https://security.gentoo.org/glsa/201908-18
ssvc	Attend	https://security.gentoo.org/glsa/201908-18
ssvc	Attend	https://security.gentoo.org/glsa/201908-18
cvssv3.1	8.8	https://www.debian.org/security/2018/dsa-4352
cvssv3.1	8.8	https://www.debian.org/security/2018/dsa-4352
ssvc	Attend	https://www.debian.org/security/2018/dsa-4352
ssvc	Attend	https://www.debian.org/security/2018/dsa-4352
cvssv3.1	8.8	http://www.securityfocus.com/bid/106084
cvssv3.1	8.8	http://www.securityfocus.com/bid/106084
ssvc	Attend	http://www.securityfocus.com/bid/106084
ssvc	Attend	http://www.securityfocus.com/bid/106084

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17480.html
		https://access.redhat.com/errata/RHSA-2018:3803
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-17480
		https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html
		https://crbug.com/905940
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17480
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17481
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18335
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18336
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18337
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18338
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18339
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18340
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18341
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18342
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18343
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18344
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18345
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18346
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18347
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18348
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18349
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18350
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18351
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18352
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18353
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18354
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18355
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18356
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18357
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18358
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18359
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20065
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20066
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20067
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20068
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20070
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20346
		https://security.gentoo.org/glsa/201908-18
		https://www.debian.org/security/2018/dsa-4352
		http://www.securityfocus.com/bid/106084
1656547		https://bugzilla.redhat.com/show_bug.cgi?id=1656547
ASA-201812-2		https://security.archlinux.org/ASA-201812-2
AVG-824		https://security.archlinux.org/AVG-824
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
CVE-2018-17480		https://nvd.nist.gov/vuln/detail/CVE-2018-17480

Data source	KEV
Date added	June 8, 2022
Description	Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	June 22, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2018-17480
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3803

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3803

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://access.redhat.com/errata/RHSA-2018:3803

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17480.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/905940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/905940

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://crbug.com/905940

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17480

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17480

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17480

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17480

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201908-18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201908-18

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://security.gentoo.org/glsa/201908-18

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4352

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4352

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at https://www.debian.org/security/2018/dsa-4352

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/106084

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/106084

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:16:06Z/ Found at http://www.securityfocus.com/bid/106084

Exploit Prediction Scoring System (EPSS)

Percentile	0.96427
EPSS Score	0.30285
Published At	June 20, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.