CVE-2018-18224 — HIGH (8.1)

Vulnerability Description

A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before the beginning, of the intended buffer. This can allow attackers to obtain sensitive information from process memory or cause a crash.

CVSS Score

8.1

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opendesign	Drawings Sdk	2019
Oracle	Outside In Technology	8.5.3

Related Weaknesses (CWE)

CWE-125

References

http://www.securityfocus.com/bid/105603Third Party AdvisoryVDB Entry
https://www.opendesign.com/security-advisoriesVendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlVendor Advisory
http://www.securityfocus.com/bid/105603Third Party AdvisoryVDB Entry
https://www.opendesign.com/security-advisoriesVendor Advisory
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlVendor Advisory

FAQ

What is CVE-2018-18224?

CVE-2018-18224 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability exists in the file reading procedure in Open Design Alliance Drawings SDK 2019Update1 on non-Windows platforms in which attackers could perform read operations past the end, or before ...

How severe is CVE-2018-18224?

CVE-2018-18224 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18224?

Check the references section above for vendor advisories and patch information. Affected products include: Opendesign Drawings Sdk, Oracle Outside In Technology.