CVE-2018-1037

CWE-908Use of Uninitialized Resource4 documents4 sources
Severity
4.3MEDIUM
EPSS
9.5%
top 7.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Microsoft Visual StudioMicrosoft Visual StudioMicrosoft Visual Studio 2017
Timeline
PublishedApr 12
Latest updateMay 13

Description

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDmicrosoft/visual_studio5 versions+4
NVDmicrosoft/visual_studio_201715.6.6, 15.7+1
CVEListV5microsoft/microsoft_visual_studio7 versions+6

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-mrwc-m279-7475: An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling progra2022-05-13
CVEList
CVE-2018-1037: An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling progra2018-04-12

📋Vendor Advisories

1
Microsoft
Microsoft Visual Studio Information Disclosure Vulnerability2018-04-10
CVE-2018-1037 (MEDIUM CVSS 4.3) | An information disclosure vulnerabi | cvebase.io