VYPR

BrightCloud SDK

by Webroot Software

CVEs (2)

  • CVE-2018-4012Jan 3, 2019
    risk 0.00cvss epss 0.03

    An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a…

  • CVE-2018-4015Dec 18, 2018
    risk 0.00cvss epss 0.01

    An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote…