PT-2018-17481 · Facebook · Buck
Published: 2018-12-31 · Updated: 2025-05-06 · CVE-2018-6331
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Buck versions prior to v2018.06.25.01
Description
The issue arises from the Buck parser-cache command, which uses Java serialized objects to load and save state. If the state information is maliciously crafted, deserializing it could lead to code execution.
Recommendations
For versions prior to v2018.06.25.01, update to version v2018.06.25.01 or later to resolve the issue.
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Buck