CVE-2018-25225 in SIPP
摘要 (英语)
SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.
负责
VulnCheck
预定
2026-03-28
披露
2026-03-28
条目
| 已发布 | 基础 | 临时 | 漏洞 | CWE | 产品 | 可利用 | 对策 | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026-03-28 | 6.8 | 6.6 | SIPP Configuration 弱身份验证 | 306 | 未知 | 概念验证 | 未定义 | 0.00016 | 2.60 | CVE-2018-25225 |