← back
CVE-2018-25253

Termite 3.4 Denial of Service via Settings Buffer Overflow

CVSS 6.9 MEDIUMEPSS 0.2%CWE-787
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Compuphase · Termite
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45453unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.compuphase.comhttps://www.compuphase.com/software_termite.htmhttps://www.exploit-db.com/exploits/45453https://www.vulncheck.com/advisories/termite-denial-of-service-via-settings-buffer-overflow