CVE-2026-10124

Summary

A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of the component Zserv Handler. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer.

Affected Software

VendorProductVersion RangeStatus
ShibbyTomato1.0affected
ShibbyTomato1.1affected
ShibbyTomato1.2affected
ShibbyTomato1.3affected
ShibbyTomato1.4affected
ShibbyTomato1.5affected
ShibbyTomato1.6affected
ShibbyTomato1.7affected
ShibbyTomato1.8affected
ShibbyTomato1.9affected
ShibbyTomato1.10affected
ShibbyTomato1.11affected
ShibbyTomato1.12affected
ShibbyTomato1.13affected
ShibbyTomato1.14affected
ShibbyTomato1.15affected
ShibbyTomato1.16affected
ShibbyTomato1.17affected
ShibbyTomato1.18affected
ShibbyTomato1.19affected
ShibbyTomato1.20affected
ShibbyTomato1.21affected
ShibbyTomato1.22affected
ShibbyTomato1.23affected
ShibbyTomato1.24affected
ShibbyTomato1.25affected
ShibbyTomato1.26affected
ShibbyTomato1.27affected
ShibbyTomato1.28affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References