CVE-2018-25295

Summary

ObserverIP Scan Tool 1.4.0.1 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the IP input field. Attackers can paste a 2000-byte buffer of repeated characters into the IP field and trigger a search operation to cause an application crash.

Affected Software

VendorProductVersion RangeStatus
P10ObserverIP Scan Tool1.4.0.1affected

Weaknesses

  • CWE-789: Memory Allocation with Excessive Size Value

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References