CVE-2018-5704

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site.

Severity: CRITICAL
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Base Score: CVSS 3.x
EPSS Score (percentile): 69%

Vulnerable software versions (Vendor / Product / Version)
debian / debian_linux / 8.0
debian / debian_linux / 9.0
openocd / open_on-chip_debugger / 0.10.0

Debian Releases
Product: openocd
bullseye: 0.11.0~rc2-1 (fixed)
bookworm: 0.12.0-1 (fixed)
sid: 0.12.0-3 (fixed)
trixie: 0.12.0-3 (fixed)

Ubuntu Releases
Product: openocd
disco: not-affected
cosmic: not-affected
bionic: not-affected
artful: ignored
xenial: Fixed 0.9.0-1+deb8u1build0.16.04.1 (released)
trusty: dne