Medium severity4.3OSV Advisory· Published Apr 1, 2018· Updated Jun 17, 2026
CVE-2018-6849
CVE-2018-6849
Description
In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site that attempts to gather complete client information (such as https://ip.voidsec.com), the browser can disclose a private IP address in a STUN request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 0.1.0, 0.10.0, 0.2.0, …
- Range: 4.2.0
Patches
Vulnerability mechanics
References
5- www.exploit-db.com/exploits/44403/nvdExploitThird Party AdvisoryVDB Entry
- datarift.blogspot.com/p/private-ip-leakage-using-webrtc.htmlnvdThird Party Advisory
- github.com/rapid7/metasploit-framework/pull/9538nvdIssue TrackingThird Party Advisory
- news.ycombinator.com/itemnvdThird Party Advisory
- voidsec.com/vpn-leak/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.