CVE-2025-66216
BaseFortify
Publication date: 2025-11-29
Last updated on: 2025-12-23
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aiscatcher | ais-catcher | up to 0.64 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-131 | The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a heap buffer overflow in the AIS::Message class of AIS-catcher before version 0.64. It allows an attacker to write about 1KB of arbitrary data into a buffer that is only 128 bytes in size, potentially leading to memory corruption or arbitrary code execution. The issue was fixed in version 0.64.
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary code or cause a denial of service by corrupting memory, as it enables writing more data than the buffer can hold. This can compromise the security and stability of systems running vulnerable versions of AIS-catcher.
What immediate steps should I take to mitigate this vulnerability?
Upgrade AIS-catcher to version 0.64 or later, as this version contains the patch that fixes the heap buffer overflow vulnerability in the AIS::Message class.