CVE-2018-25223

Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution

CVSS 9.3 CRITICALEPSS 0.9%CWE-787

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

crashmail · Crashmail

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44331no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://exploitpack.com http://ftnapps.sourceforge.net/crashmail.html https://www.exploit-db.com/exploits/44331 https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution