NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.25125
Percentile:
0.95927
CVSS Scoring
CVSS v3.1 Score: 10.0
Severity: CRITICAL
Mapped CWE(s)
-
CWE-119
: Improper Restriction of Operations within the Bounds of a Memory Buffer
All CAPEC(s)
-
CAPEC-10: Buffer Overflow via Environment Variables
-
CAPEC-100: Overflow Buffers
-
CAPEC-123: Buffer Manipulation
-
CAPEC-14: Client-side Injection-induced Buffer Overflow
-
CAPEC-24: Filter Failure through Buffer Overflow
-
CAPEC-42: MIME Conversion
-
CAPEC-44: Overflow Binary Resource File
-
CAPEC-45: Buffer Overflow via Symbolic Links
-
CAPEC-46: Overflow Variables and Tags
-
CAPEC-47: Buffer Overflow via Parameter Expansion
-
CAPEC-8: Buffer Overflow in an API Call
-
CAPEC-9: Buffer Overflow in Local Command-Line Utilities
CAPEC(s) with Mapped TTPs
Mapped ATT&CK TTPs
Affected Products
- cpe:2.3:a:google:native_client:2015:*:*:*:*:*:*:*
← Back to Home