CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 41%
Common Weakness Enumeration
References
https://github.com/LemonOSProject/LemonOS/issues/60
https://hkohi.ca/vulnerability/16
https://vuldb.com/?ctiid.320030
https://vuldb.com/?id.320030
https://vuldb.com/?submit.624974
https://github.com/LemonOSProject/LemonOS/issues/60
https://hkohi.ca/vulnerability/16
https://vuldb.com/?submit.624974