CVE-2018-9370
CVSS 3.1 Score 7.3 of 10 (high)
Details
Published Nov 19, 2024
Updated: Nov 22, 2024
CWE ID 787
Summary
CVE-2018-9370 is a vulnerability affecting a specific component of a software product. In the "download.c" file, there is a mode that enables users to download data directly into memory. However, this functionality is missing a critical bounds check, potentially resulting in memory corruption. Consequences of this vulnerability can include local privilege escalation, allowing unprivileged users to gain elevated access without requiring additional execution privileges. Exploitation of this issue necessitates user interaction.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share