9.8
CVE-2018-25223
- EPSS 0.88%
- Veröffentlicht 28.03.2026 11:58:15
- Zuletzt bearbeitet 02.04.2026 19:10:16
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginCrashmail 1.6 Stack-based Buffer Overflow Remote Code Execution
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ftnapps ≫ Crashmail Ii Version <= 1.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.88% | 0.545 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| disclosure@vulncheck.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://www.exploit-db.com/exploits/44331
http://ftnapps.sourceforge.net/crashmail.html
http://exploitpack.com
https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution