CVE-2018-25223

Crashmail 1.6 Stack-based Buffer Overflow Remote Code Execution

CVSS 9.3 CRITICALEPSS 0.9%CWE-787

Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

crashmail · Crashmail

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/44331não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://exploitpack.com http://ftnapps.sourceforge.net/crashmail.html https://www.exploit-db.com/exploits/44331 https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution