CVE-2018-25285

Fathom 2.4 Denial of Service via Authorization Code Buffer Overflow

CVSS 6.8 MEDIUMEPSS 0.1%CWE-120

Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a 6000-byte payload into the Authorization Code field and click Activate to trigger a denial of service condition.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Fathom · Fathom

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/45294unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fathom.concord.org/https://fathom.concord.org/download/https://www.exploit-db.com/exploits/45294 https://www.vulncheck.com/advisories/fathom-denial-of-service-via-authorization-code-buffer-overflow