Search for vulnerabilities
Vulnerability details: VCID-y38z-d5du-aaah
Vulnerability ID VCID-y38z-d5du-aaah
Aliases CVE-2018-17463
Summary Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
cvssv3.1 8.8 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
cvssv3.1 8.8 http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
ssvc Attend http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
ssvc Attend http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17463.html
cvssv3.1 8.8 https://access.redhat.com/errata/RHSA-2018:3004
cvssv3.1 8.8 https://access.redhat.com/errata/RHSA-2018:3004
ssvc Attend https://access.redhat.com/errata/RHSA-2018:3004
ssvc Attend https://access.redhat.com/errata/RHSA-2018:3004
cvssv3 8.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17463.json
epss 0.89447 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.9015 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.9015 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91003 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91128 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91193 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91193 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91298 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91298 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91298 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91298 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91298 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91359 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91359 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91359 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.91359 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96423 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96423 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96533 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
epss 0.96966 https://api.first.org/data/v1/epss?cve=CVE-2018-17463
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1640099
cvssv3.1 8.8 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
cvssv3.1 8.8 https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
ssvc Attend https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
ssvc Attend https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
cvssv3.1 8.8 https://crbug.com/888923
cvssv3.1 8.8 https://crbug.com/888923
ssvc Attend https://crbug.com/888923
ssvc Attend https://crbug.com/888923
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2018-17463
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-17463
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2018-17463
archlinux Critical https://security.archlinux.org/AVG-781
cvssv3.1 8.8 https://security.gentoo.org/glsa/201811-10
cvssv3.1 8.8 https://security.gentoo.org/glsa/201811-10
ssvc Attend https://security.gentoo.org/glsa/201811-10
ssvc Attend https://security.gentoo.org/glsa/201811-10
cvssv3.1 8.8 https://www.debian.org/security/2018/dsa-4330
cvssv3.1 8.8 https://www.debian.org/security/2018/dsa-4330
ssvc Attend https://www.debian.org/security/2018/dsa-4330
ssvc Attend https://www.debian.org/security/2018/dsa-4330
cvssv3.1 8.8 http://www.securityfocus.com/bid/105666
cvssv3.1 8.8 http://www.securityfocus.com/bid/105666
ssvc Attend http://www.securityfocus.com/bid/105666
ssvc Attend http://www.securityfocus.com/bid/105666
Reference id Reference type URL
http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17463.html
https://access.redhat.com/errata/RHSA-2018:3004
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17463.json
https://api.first.org/data/v1/epss?cve=CVE-2018-17463
https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
https://crbug.com/888923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17462
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17466
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17468
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17469
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17470
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17471
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17472
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17473
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17474
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17475
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17476
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5179
https://security.gentoo.org/glsa/201811-10
https://www.debian.org/security/2018/dsa-4330
http://www.securityfocus.com/bid/105666
1640099 https://bugzilla.redhat.com/show_bug.cgi?id=1640099
ASA-201810-12 https://security.archlinux.org/ASA-201810-12
AVG-781 https://security.archlinux.org/AVG-781
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux_workstation:6.0:*:*:*:*:*:*:*
CVE-2018-17463 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/48184.rb
CVE-2018-17463 https://nvd.nist.gov/vuln/detail/CVE-2018-17463
CVE-2018-17463 Exploit https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_object_create.rb
Data source Exploit-DB
Date added March 9, 2020
Description Google Chrome 67_ 68 and 69 - Object.create Type Confusion (Metasploit)
Ransomware campaign use Known
Source publication date March 9, 2020
Exploit type remote
Platform multiple
Source update date March 9, 2020
Source URL https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/browser/chrome_object_create.rb
Data source Metasploit
Description This modules exploits a type confusion in Google Chromes JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the renderer process (target 0), but Google Chrome must be launched with the --no-sandbox flag for the payload to execute successfully. Alternatively, this module can use CVE-2019-1458 to escape the renderer sandbox (target 1). This will only work on vulnerable versions of Windows (e.g Windows 7) and the exploit can only be triggered once. Additionally the exploit can cause the target machine to restart when the session is terminated. A BSOD is also likely to occur when the system is shut down or rebooted.
Note 
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
Stability:
  - crash-safe
Ransomware campaign use Unknown
Source publication date Sept. 25, 2018
Platform Linux,OSX,Windows,Windows
Source URL https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/chrome_object_create.rb
Data source KEV
Date added June 8, 2022
Description Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date June 22, 2022
Note 
https://nvd.nist.gov/vuln/detail/CVE-2018-17463
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at http://packetstormsecurity.com/files/156640/Google-Chrome-67-68-69-Object.create-Type-Confusion.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/errata/RHSA-2018:3004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://access.redhat.com/errata/RHSA-2018:3004
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://access.redhat.com/errata/RHSA-2018:3004
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17463.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://chromereleases.googleblog.com/2018/10/stable-channel-update-for-desktop.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/888923
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/888923
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://crbug.com/888923
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://crbug.com/888923
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17463
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17463
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-17463
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201811-10
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201811-10
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://security.gentoo.org/glsa/201811-10
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://security.gentoo.org/glsa/201811-10
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.debian.org/security/2018/dsa-4330
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://www.debian.org/security/2018/dsa-4330
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at https://www.debian.org/security/2018/dsa-4330
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105666
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/105666
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at http://www.securityfocus.com/bid/105666
Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-29T17:17:01Z/ Found at http://www.securityfocus.com/bid/105666
Exploit Prediction Scoring System (EPSS)
Percentile 0.99517
EPSS Score 0.89447
Published At May 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.