Buffer Overflow Vulnerability in Webroot BrightCloud SDK's HTTP Header-Parsing Function

CVE-2018-4012 · HIGH Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud server to trigger this vulnerability.