← back
CVE-2018-25225

SIPP 3.3 Stack-Based Buffer Overflow via Configuration File

CVSS 8.6 HIGHEPSS 0.2%CWE-306
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Sipp · SIPP
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45288unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://sipp.sourceforge.net/https://www.exploit-db.com/exploits/45288https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file