CVE-2018-4871
HIGH
Redhat Enterprise Linux Desktop < 28.0.0.126 - Out-of-Bounds Read
Title source: ruleDescription
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
References (4)
Core References
Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
Third Party Advisory, VDB Entry vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0081
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102465
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040155
Scores
CVSS v3: 7.5
EPSS: 0.0602
EPSS Percentile: 90.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-125
Status: published
Products (4)
adobe/flash_player: < 28.0.0.126 (4 CPE variants)
redhat/enterprise_linux_desktop: 6.0
redhat/enterprise_linux_server: 6.0
redhat/enterprise_linux_workstation: 6.0
Published: Jan 09, 2018
Tracked Since: Feb 18, 2026