PT-2018-9234 · Nasa · Kodiak
Cr1At0Rs
·
Published
2018-02-09
·
Updated
2018-03-01
·
CVE-2018-1000047
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
NASA Kodiak version v1.0
Description:
The issue is related to a data processing function in the Kodiak library, which can lead to remote code execution. This can be exploited when a victim opens an untrusted file for optimization using the Kodiak library.
Recommendations:
For NASA Kodiak version v1.0, consider avoiding the use of the data processing function in the Kodiak library until a fix is available, and refrain from opening untrusted files for optimization to minimize the risk of exploitation.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kodiak