{
  "threat_severity" : "Important",
  "public_date" : "2018-05-09T00:00:00Z",
  "bugzilla" : {
    "description" : "cups: Sandbox bypass due to insecure error handling",
    "id" : "1607283",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1607283"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-250",
  "details" : [ "In macOS High Sierra before 10.13.5, an access issue was addressed with additional sandbox restrictions on CUPS.", "A Sandbox bypass has been discovered in cups on macOS due to insecure error handling. An attacker that has obtained sandboxed root access can use this flow to escape the sandbox." ],
  "statement" : "This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux as cups on Linux does not support the Sandbox feature.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2018-4182\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-4182" ],
  "name" : "CVE-2018-4182",
  "csaw" : false
}