CVE-2018-25223

EUVD-2018-21704
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulnCheckCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
crashmail
bookworm
undetermined
bullseye
undetermined
forky
undetermined
sid
undetermined
trixie
undetermined
Common Weakness Enumeration
References
http://exploitpack.com
http://ftnapps.sourceforge.net/crashmail.html
https://www.exploit-db.com/exploits/44331
https://www.vulncheck.com/advisories/crashmail-stack-based-buffer-overflow-remote-code-execution