Stack-based Buffer Overflow in Forcepoint Email Security Products
CVE-2018-16530

9.8CRITICAL

Key Information:

Vendor: Forcepoint
Status: Forcepoint Email Security
Vendor: CVE Published:; 9 April 2019

What is CVE-2018-16530?

A stack-based buffer overflow vulnerability exists in Forcepoint Email Security version 8.5, which allows attackers to submit specially crafted input. This could result in process crashes leading to a denial-of-service condition. Although there are no confirmed Remote Code Execution (RCE) vulnerabilities associated with this issue, the nature of buffer overflows means that potential security risks may arise. Forcepoint has enabled Data Execution Protection (DEP) on the appliance as a preventive measure against such vulnerabilities.

Affected Version(s)

Forcepoint Email Security 8.5

References

https://support.forcepoint.com/KBArticle?id=000016621

x_refsource_MISC

https://help.forcepoint.com/security/CVE/CVE-2018-16530.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2019
Vulnerability Reserved
Sep 5, 2018