Vulnerability Details CVE-2018-15173
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://code610.blogspot.com/2018/07/crashing-nmap-760.html
- http://code610.blogspot.com/2018/07/crashing-nmap-770.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html
- https://security.netapp.com/advisory/ntap-20200827-0004/
- http://code610.blogspot.com/2018/07/crashing-nmap-760.html
- http://code610.blogspot.com/2018/07/crashing-nmap-770.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00075.html
- https://security.netapp.com/advisory/ntap-20200827-0004/
Products affected by CVE-2018-15173
-
cpe:2.3:a:nmap:nmap:2.05
-
cpe:2.3:a:nmap:nmap:2.06
-
cpe:2.3:a:nmap:nmap:2.07
-
cpe:2.3:a:nmap:nmap:2.08
-
cpe:2.3:a:nmap:nmap:2.09
-
cpe:2.3:a:nmap:nmap:2.10
-
cpe:2.3:a:nmap:nmap:2.11
-
cpe:2.3:a:nmap:nmap:2.12
-
cpe:2.3:a:nmap:nmap:2.2
-
cpe:2.3:a:nmap:nmap:2.3
-
cpe:2.3:a:nmap:nmap:2.50
-
cpe:2.3:a:nmap:nmap:2.51
-
cpe:2.3:a:nmap:nmap:2.52
-
cpe:2.3:a:nmap:nmap:2.53
-
cpe:2.3:a:nmap:nmap:2.54
-
cpe:2.3:a:nmap:nmap:2.99
-
cpe:2.3:a:nmap:nmap:3.00
-
cpe:2.3:a:nmap:nmap:3.10
-
cpe:2.3:a:nmap:nmap:3.15
-
cpe:2.3:a:nmap:nmap:3.20
-
cpe:2.3:a:nmap:nmap:3.25
-
cpe:2.3:a:nmap:nmap:3.26
-
cpe:2.3:a:nmap:nmap:3.27
-
cpe:2.3:a:nmap:nmap:3.28
-
cpe:2.3:a:nmap:nmap:3.30
-
cpe:2.3:a:nmap:nmap:3.40
-
cpe:2.3:a:nmap:nmap:3.45
-
cpe:2.3:a:nmap:nmap:3.48
-
cpe:2.3:a:nmap:nmap:3.50
-
cpe:2.3:a:nmap:nmap:3.55
-
cpe:2.3:a:nmap:nmap:3.70
-
cpe:2.3:a:nmap:nmap:3.75
-
cpe:2.3:a:nmap:nmap:3.81
-
cpe:2.3:a:nmap:nmap:3.90
-
cpe:2.3:a:nmap:nmap:3.91
-
cpe:2.3:a:nmap:nmap:3.93
-
cpe:2.3:a:nmap:nmap:3.94
-
cpe:2.3:a:nmap:nmap:3.95
-
cpe:2.3:a:nmap:nmap:3.96
-
cpe:2.3:a:nmap:nmap:3.98
-
cpe:2.3:a:nmap:nmap:3.99
-
cpe:2.3:a:nmap:nmap:3.999
-
cpe:2.3:a:nmap:nmap:3.9999
-
cpe:2.3:a:nmap:nmap:4.00
-
cpe:2.3:a:nmap:nmap:4.01
-
cpe:2.3:a:nmap:nmap:4.02
-
cpe:2.3:a:nmap:nmap:4.03
-
cpe:2.3:a:nmap:nmap:4.04
-
cpe:2.3:a:nmap:nmap:4.10
-
cpe:2.3:a:nmap:nmap:4.11
-
cpe:2.3:a:nmap:nmap:4.20
-
cpe:2.3:a:nmap:nmap:4.21
-
cpe:2.3:a:nmap:nmap:4.22
-
cpe:2.3:a:nmap:nmap:4.49
-
cpe:2.3:a:nmap:nmap:4.50
-
cpe:2.3:a:nmap:nmap:4.51
-
cpe:2.3:a:nmap:nmap:4.52
-
cpe:2.3:a:nmap:nmap:4.53
-
cpe:2.3:a:nmap:nmap:4.60
-
cpe:2.3:a:nmap:nmap:4.62
-
cpe:2.3:a:nmap:nmap:4.65
-
cpe:2.3:a:nmap:nmap:4.68
-
cpe:2.3:a:nmap:nmap:4.75
-
cpe:2.3:a:nmap:nmap:4.76
-
cpe:2.3:a:nmap:nmap:4.85
-
cpe:2.3:a:nmap:nmap:4.90
-
cpe:2.3:a:nmap:nmap:5.00
-
cpe:2.3:a:nmap:nmap:5.10
-
cpe:2.3:a:nmap:nmap:5.20
-
cpe:2.3:a:nmap:nmap:5.21
-
cpe:2.3:a:nmap:nmap:5.30
-
cpe:2.3:a:nmap:nmap:5.35
-
cpe:2.3:a:nmap:nmap:5.50
-
cpe:2.3:a:nmap:nmap:5.51
-
cpe:2.3:a:nmap:nmap:5.59
-
cpe:2.3:a:nmap:nmap:5.61
-
cpe:2.3:a:nmap:nmap:6.00
-
cpe:2.3:a:nmap:nmap:6.01
-
cpe:2.3:a:nmap:nmap:6.20
-
cpe:2.3:a:nmap:nmap:6.25
-
cpe:2.3:a:nmap:nmap:6.40
-
cpe:2.3:a:nmap:nmap:6.45
-
cpe:2.3:a:nmap:nmap:6.46
-
cpe:2.3:a:nmap:nmap:6.47
-
cpe:2.3:a:nmap:nmap:6.49
-
cpe:2.3:a:nmap:nmap:7.00
-
cpe:2.3:a:nmap:nmap:7.01
-
cpe:2.3:a:nmap:nmap:7.10
-
cpe:2.3:a:nmap:nmap:7.11
-
cpe:2.3:a:nmap:nmap:7.12
-
cpe:2.3:a:nmap:nmap:7.25
-
cpe:2.3:a:nmap:nmap:7.30
-
cpe:2.3:a:nmap:nmap:7.31
-
cpe:2.3:a:nmap:nmap:7.40
-
cpe:2.3:a:nmap:nmap:7.50
-
cpe:2.3:a:nmap:nmap:7.60
-
cpe:2.3:a:nmap:nmap:7.70