← back
CVE-2026-10124

Shibby Tomato Zserv ripd rip_zebra_read_ipv4 stack-based overflow

CVSS 8.7 HIGHEPSS 0.5%CWE-119CWE-121
A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Shibby · Tomato
public PoCs found1
cve_referencegitee.com/Fengyi-Wang/CVE/issues/IJ9FFGunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitee.com/Fengyi-Wang/CVE/issues/IJ9FFGhttps://vuldb.com/submit/818239https://vuldb.com/vuln/367301https://vuldb.com/vuln/367301/cti