CVE-2018-4012
NONE EPSS 83.0%
Published Jan 3, 2019
Last Modified Jun 17, 2026
Description
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.
Threat Intelligence
EPSS Exploit Probability
83.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| webroot | brightcloud | * | any |
References 1
- talosintelligence.com https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0683
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.