Details about the buffer overflow vulnerability in Email Security versions 8.5.0 and 8.5.3. Take the actions recommended in this security advisory immediately to mitigate this issue.
Security advisory severity: CVE-2018-16530 – High
CVE number: CVE-2018-16530
Security advisory summary
A stack-based buffer overflow in Email Security allowed an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
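To illustrate the class of defect described above (a fixed-size stack buffer receiving attacker-controlled message data) and the length-checking pattern that prevents it, here is an added example in C. It is not Forcepoint's code and does not reflect how Email Security parses messages; the field name, the RECIPIENT_MAX limit and the sample inputs are all constructed for the illustration. The point it shows is that the bound is checked before any byte is written, so an over-long value is rejected rather than overrunning the frame.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical capacity of the recipient-address field, chosen for the
 * illustration (bytes, excluding the terminator). */
#define RECIPIENT_MAX 254

enum copy_status {
    COPY_OK = 0,
    COPY_REJECTED_NULL = 1,
    COPY_REJECTED_TOO_LONG = 2
};

/* Hardened copy: the caller passes the capacity of its buffer, and input
 * that does not fit (terminator included) is rejected before any write.
 * The unsafe pattern this replaces would copy until the terminator with no
 * regard for the destination size. */
enum copy_status copy_recipient(const char *raw, char *out, size_t out_len)
{
    if (raw == NULL || out == NULL || out_len == 0)
        return COPY_REJECTED_NULL;
    /* memchr bounds the scan to out_len bytes, so a value with no
     * terminator inside that window is rejected instead of read past. */
    const char *end = memchr(raw, '\0', out_len);
    if (end == NULL)
        return COPY_REJECTED_TOO_LONG;
    size_t n = (size_t)(end - raw);
    memcpy(out, raw, n);
    out[n] = '\0';
    return COPY_OK;
}

/* Simulated message handler: a fixed stack buffer receives the field. */
enum copy_status handle_rcpt(const char *raw)
{
    char rcpt[RECIPIENT_MAX + 1];
    enum copy_status st = copy_recipient(raw, rcpt, sizeof rcpt);
    if (st == COPY_OK)
        printf("accepted recipient (%zu bytes)\n", strlen(rcpt));
    else
        printf("rejected input: status %d\n", (int)st);
    return st;
}

/* Builds a constructed input of `len` 'A' characters and feeds it to the
 * handler, to show exactly where the length check trips. */
enum copy_status probe_length(size_t len)
{
    static char buf[1024];
    if (len >= sizeof buf)
        len = sizeof buf - 1;
    memset(buf, 'A', len);
    buf[len] = '\0';
    return handle_rcpt(buf);
}

int main(void)
{
    /* Constructed sample inputs: a normal address, one at the limit,
     * one past it, and a missing value. */
    handle_rcpt("user@example.com");
    probe_length(RECIPIENT_MAX);
    probe_length(600);
    handle_rcpt(NULL);
    return 0;
}
```

The input at exactly RECIPIENT_MAX bytes is accepted and the 600-byte one is rejected; the rejection is what a defender should expect to see (and log) from a correctly bounded parser, where the unbounded version would have corrupted the stack frame and, as the advisory notes, typically crashed the process.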
Forcepoint would like to thank Tomasz Bukowski from Bank Millennium for bringing this to our attention and working diligently with our Product Security Incident Response Team (PSIRT) to responsibly disclose this vulnerability in a coordinated manner.
Affected products
Workaround(s)
This vulnerability can be mitigated by enabling Recipient Validation. See the Managing user validation/authentication options section of the Forcepoint Email Security Administrator Help document for more information.
Hotfix(es) and information about other fixes
The following hotfixes are available to resolve this vulnerability:
CVE | Email Security 8.5.0 | Email Security 8.5.3
CVE-2018-16530 | V8.5.0 HF001 For Appliance | V8.5.3 HF001 For Appliance