CVE-2018-6608

NONE EPSS 87.2%
Published Mar 28, 20188y ago · Modified Jun 17, 20262w ago
Find Similar
Published Mar 28, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

In the WebRTC component in Opera 51.0.2830.55, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.

Threat Intelligence

EPSS Exploit Probability
87.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

Affected Products 1

VendorProductVersionRange
operaopera_browser51.0.2830.55any

References 5

  • docs.google.com https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit?usp=sharing
    Third Party Advisory
  • github.com https://github.com/VoidSec/WebRTC-Leak
    Third Party Advisory
  • news.ycombinator.com https://news.ycombinator.com/item?id=16699270
    Issue Tracking
  • voidsec.com https://voidsec.com/vpn-leak/
    Third Party Advisory
  • bleepingcomputer.com https://www.bleepingcomputer.com/news/security/many-vpn-providers-leak-customers-ip-address-via-webrtc-bug/
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.