CVE-2018-9370

CVSS 3.1 Score 7.3 of 10 (high)

Details

Published Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 787

Summary

CVE-2018-9370 is a vulnerability affecting a specific component of a software product. In the "download.c" file, there is a mode that enables users to download data directly into memory. However, this functionality is missing a critical bounds check, potentially resulting in memory corruption. Consequences of this vulnerability can include local privilege escalation, allowing unprivileged users to gain elevated access without requiring additional execution privileges. Exploitation of this issue necessitates user interaction.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share