CVE-2018-17930
published 2018-11-28CVE-2018-17930: A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
7.26%
93.6th percentile
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ics-cert | teledyne_dalsa_sherlock | — | — |
| teledynedalsa | sherlock | <= 7.2.7.4 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is a stack-based buffer overflow (CWE-121) in Teledyne DALSA Sherlock Version 7.2.7.4 and prior; detection should focus on anomalous stack memory usage or crash telemetry in the Sherlock machine vision software process. ↗
- →No known public exploits exist and the vulnerability is not remotely exploitable; focus detection on local/interactive user activity and suspicious process behavior on hosts running Sherlock. ↗
- →Attack vector is local with low privilege and requires user interaction (CVSS vector AV:L/AC:L/PR:L/UI:R); monitor for low-privileged local users triggering Sherlock crashes or unexpected code execution. ↗
- ·Affected versions are Sherlock 7.2.7.4 and prior; version 7.2.7.5 and later are patched. Ensure asset inventory accurately identifies installed Sherlock versions before applying detection logic. ↗
- ·Exploitation requires low skill level, increasing likelihood of opportunistic attempts even without public exploit code. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Teledyne DALSA Sherlock
cisa_ics·2018-11-20·CVSS 9.8
[CRITICAL] Teledyne DALSA Sherlock
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Teledyne DALSA Sherlock
Last RevisedNovember 20, 2018
Alert CodeICSA-18-324-01
## 1. EXECUTIVE SUMMARY
-
CVSS v3 7.3
- ATTENTION: Low skill level to exploit
- Vendor: Teledyne DALSA
- Equipment: Sherlock
- Vulnerability: Stack-based Buffer Overflow
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could crash the device being accessed; a buffer overflow condition may allow remote code execution.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Sherlock, a machine vision software interface, are affected:
- Sherlock Version 7.2
GHSA
GHSA-9xhv-3vhq-92w6: A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7
ghsa_unreviewed·2022-05-13
CVE-2018-17930 [CRITICAL] CWE-787 GHSA-9xhv-3vhq-92w6: A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/105967https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01%2Chttps://www.teledynedalsa.com/en/products/imaging/vision-software/sherlock/http://www.securityfocus.com/bid/105967https://ics-cert.us-cert.gov/advisories/ICSA-18-324-01%2Chttps://www.teledynedalsa.com/en/products/imaging/vision-software/sherlock/
2018-11-28
Published