Buffer Overflow Vulnerability in Email Security (CVE-2018-16530)
- Article Number: 000016621
- Products: Forcepoint Email Security
- Version: 8.5
- Last Published Date: February 06, 2019
CVE-2018-16530 – High
A stack-based buffer overflow in Email Security allowed an attacker to craft malicious input and potentially crash a process, creating a denial of service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.
Forcepoint would like to thank Tomasz Bukowski from Bank Millennium for bringing this to our attention and working diligently with our Product Security Incident Response Team (PSIRT) to responsibly disclose this vulnerability in a coordinated manner.
This vulnerability can be mitigated by enabling Recipient Validation. See the Managing user validation/authentication options section of the Forcepoint Email Security Administrator Help document for more information.
Hotfix(es) and Information About Other Fixes
The following hotfixes are available to resolve this vulnerability: