CVE-2018-25223

EUVD-2018-21704
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
EPSS Score
Percentile: 59%
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ftnapps | crashmail_ii | 𝑥 ≤ 1.6 |

𝑥 = Vulnerable software versions
Debian Releases
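| Debian Product | Codename | Status |
|---|---|---|
| crashmail | bookworm | undetermined |
| crashmail | bullseye | undetermined |
| crashmail | forky | undetermined |
| crashmail | sid | undetermined |
| crashmail | trixie | undetermined |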