Lucene search

K
cveHackeroneCVE-2016-10658
HistoryMay 29, 2018 - 8:29 p.m.

CVE-2016-10658

2018-05-2920:29:01
CWE-311
CWE-310
hackerone
web.nvd.nist.gov
35
cve-2016-10658
native-opencv
opencv library
npm
vulnerability
rce
mitm attack
binary resources

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

55.1%

native-opencv is the OpenCV library installed via npm native-opencv downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.

Affected configurations

Nvd
Node
native-opencv_projectnative-opencvMatch3.0.0node.js
VendorProductVersionCPE
native-opencv_projectnative-opencv3.0.0cpe:2.3:a:native-opencv_project:native-opencv:3.0.0:*:*:*:*:node.js:*:*

CNA Affected

[
  {
    "product": "native-opencv node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "Not fixed"
      }
    ]
  }
]

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.002

Percentile

55.1%