CVE-2018-1000047

EPSS 0.92%
Published 09.02.2018 23:29:01
Last modified 21.11.2024 03:39:31
Source cve@mitre.org
Teams watchlist Login
Open Login

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Nasa ≫ Kodiak Version1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.92%	0.75

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/nasa/Kodiak/issues/5

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-1000047

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-1000047

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-1000047

EUVD