CVE-2018-6331

Summary

Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01.

Affected Software

VendorProductVersion RangeStatus
FacebookBuckv2018.06.25.01affected
FacebookBuckunspecified <= v2018.06.25.01affected

Weaknesses

  • CWE-502: Deserialization of Untrusted Data (CWE-502)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References