Vulnerability Details CVE-2018-10193
LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service (browser hang) via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://forums.lastpass.com/viewtopic.php?f=12&t=286955
- https://twitter.com/LastPassHelp/status/955478245650071552
- https://www.youtube.com/watch?v=wTcYWZwq3TE
- https://forums.lastpass.com/viewtopic.php?f=12&t=286955
- https://twitter.com/LastPassHelp/status/955478245650071552
- https://www.youtube.com/watch?v=wTcYWZwq3TE
Products affected by CVE-2018-10193
-
cpe:2.3:a:logmein:lastpass:3.1.88
-
cpe:2.3:a:logmein:lastpass:3.1.89
-
cpe:2.3:a:logmein:lastpass:3.1.90
-
cpe:2.3:a:logmein:lastpass:3.1.91
-
cpe:2.3:a:logmein:lastpass:3.1.94
-
cpe:2.3:a:logmein:lastpass:3.1.95
-
cpe:2.3:a:logmein:lastpass:3.1.96
-
cpe:2.3:a:logmein:lastpass:3.1.97
-
cpe:2.3:a:logmein:lastpass:3.2.0
-
cpe:2.3:a:logmein:lastpass:3.2.1
-
cpe:2.3:a:logmein:lastpass:3.2.10
-
cpe:2.3:a:logmein:lastpass:3.2.11
-
cpe:2.3:a:logmein:lastpass:3.2.14
-
cpe:2.3:a:logmein:lastpass:3.2.15
-
cpe:2.3:a:logmein:lastpass:3.2.16
-
cpe:2.3:a:logmein:lastpass:3.2.17
-
cpe:2.3:a:logmein:lastpass:3.2.20
-
cpe:2.3:a:logmein:lastpass:3.2.21
-
cpe:2.3:a:logmein:lastpass:3.2.24
-
cpe:2.3:a:logmein:lastpass:3.2.25
-
cpe:2.3:a:logmein:lastpass:3.2.26
-
cpe:2.3:a:logmein:lastpass:3.2.27
-
cpe:2.3:a:logmein:lastpass:3.2.28
-
cpe:2.3:a:logmein:lastpass:3.2.29
-
cpe:2.3:a:logmein:lastpass:3.2.4
-
cpe:2.3:a:logmein:lastpass:3.2.40
-
cpe:2.3:a:logmein:lastpass:3.2.41
-
cpe:2.3:a:logmein:lastpass:3.2.5
-
cpe:2.3:a:logmein:lastpass:3.2.6
-
cpe:2.3:a:logmein:lastpass:3.2.7
-
cpe:2.3:a:logmein:lastpass:3.3.4
-
cpe:2.3:a:logmein:lastpass:4.1.0-2
-
cpe:2.3:a:logmein:lastpass:4.1.15
-
cpe:2.3:a:logmein:lastpass:4.1.16
-
cpe:2.3:a:logmein:lastpass:4.1.17
-
cpe:2.3:a:logmein:lastpass:4.1.2
-
cpe:2.3:a:logmein:lastpass:4.1.20
-
cpe:2.3:a:logmein:lastpass:4.1.23
-
cpe:2.3:a:logmein:lastpass:4.1.24
-
cpe:2.3:a:logmein:lastpass:4.1.26
-
cpe:2.3:a:logmein:lastpass:4.1.3
-
cpe:2.3:a:logmein:lastpass:4.1.30
-
cpe:2.3:a:logmein:lastpass:4.1.31
-
cpe:2.3:a:logmein:lastpass:4.1.33
-
cpe:2.3:a:logmein:lastpass:4.1.36
-
cpe:2.3:a:logmein:lastpass:4.1.37
-
cpe:2.3:a:logmein:lastpass:4.1.38
-
cpe:2.3:a:logmein:lastpass:4.1.39
-
cpe:2.3:a:logmein:lastpass:4.1.4
-
cpe:2.3:a:logmein:lastpass:4.1.40
-
cpe:2.3:a:logmein:lastpass:4.1.41
-
cpe:2.3:a:logmein:lastpass:4.1.42
-
cpe:2.3:a:logmein:lastpass:4.1.43
-
cpe:2.3:a:logmein:lastpass:4.1.45
-
cpe:2.3:a:logmein:lastpass:4.1.5
-
cpe:2.3:a:logmein:lastpass:4.1.51
-
cpe:2.3:a:logmein:lastpass:4.1.52
-
cpe:2.3:a:logmein:lastpass:4.1.55
-
cpe:2.3:a:logmein:lastpass:4.1.60
-
cpe:2.3:a:logmein:lastpass:4.1.61
-
cpe:2.3:a:logmein:lastpass:4.1.63
-
cpe:2.3:a:logmein:lastpass:4.1.64
-
cpe:2.3:a:logmein:lastpass:4.1.64a
-
cpe:2.3:a:logmein:lastpass:4.1.65
-
cpe:2.3:a:logmein:lastpass:4.1.65a
-
cpe:2.3:a:logmein:lastpass:4.1.7
-
cpe:2.3:a:logmein:lastpass:4.1.9
-
cpe:2.3:a:logmein:lastpass:4.10.0
-
cpe:2.3:a:logmein:lastpass:4.12.0
-
cpe:2.3:a:logmein:lastpass:4.15.0
-
cpe:2.3:a:logmein:lastpass:4.2.0
-
cpe:2.3:a:logmein:lastpass:4.2.0a
-
cpe:2.3:a:logmein:lastpass:4.3.0
-
cpe:2.3:a:logmein:lastpass:4.5.0
-
cpe:2.3:a:logmein:lastpass:4.7.0
-
cpe:2.3:a:logmein:lastpass:4.7.1
-
cpe:2.3:a:logmein:lastpass:4.7.3
-
cpe:2.3:a:logmein:lastpass:4.9.0
-
cpe:2.3:a:logmein:lastpass:4.9.1