{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T07:23:47.471","vulnerabilities":[{"cve":{"id":"CVE-2018-15503","sourceIdentifier":"cve@mitre.org","published":"2018-08-18T02:29:01.903","lastModified":"2024-11-21T03:50:57.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV."},{"lang":"es","value":"La implementación de desempaquetado en la versión 4.0.4 de Swoole carece de controles de tamaño correctos en el proceso de deserialización. Un atacante puede crear un objeto serializado para explotar esta vulnerabilidad y provocar un SEGV."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:swoole:swoole:4.0.4:*:*:*:*:*:*:*","matchCriteriaId":"93EF17F5-CCB3-4CB8-AFE3-706C531F3B1F"}]}]}],"references":[{"url":"https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76","source":"cve@mitre.org","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/swoole/swoole-src/issues/1882","source":"cve@mitre.org","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/","source":"cve@mitre.org","tags":["Technical Description","Third Party Advisory"]},{"url":"https://github.com/swoole/swoole-src/commit/4cdbce5d9bf2fe596bb6acd7d6611f9e8c253a76","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://github.com/swoole/swoole-src/issues/1882","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://x-c3ll.github.io/posts/swoole-deserialization-cve-2018-15503/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description","Third Party Advisory"]}]}}]}