CVE-2018-25214
Received Received - Intake
Local Buffer Overflow in MegaPing Finger Function Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-03-27

Assigner: VulnCheck

Description
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-03-27
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25214
EUVD
EUVD-2018-21686
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
magnetosoft megaping 1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in MegaPing is a local buffer overflow that causes a denial of service (DoS) crash by inputting an oversized payload into the Destination Address List field. It impacts availability by crashing the application but does not affect confidentiality or integrity.

There is no information provided in the available resources about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2018-25214 is a local buffer overflow vulnerability in the MegaPing application. It occurs when a local attacker inputs an oversized payload into the Destination Address List field within the Finger function. This crafted input exceeds the expected input size, causing the application to crash when the Start button is pressed.

The vulnerability is classified as CWE-787 (Out-of-bounds Write) and results from improper input validation leading to memory corruption.

Impact Analysis

This vulnerability can be exploited by a local attacker to cause a denial of service (DoS) by crashing the MegaPing application. The attacker does not need any special privileges or user interaction beyond local access.

While it does not allow remote code execution or privilege escalation, it disrupts normal application operation and availability, potentially impacting any processes or workflows relying on MegaPing.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running MegaPing. Specifically, an oversized payload can be supplied to the "Destination Address List" field within the Finger function to see if the application crashes.

A practical detection method involves using a crafted input buffer that exceeds the expected input size. For example, a proof-of-concept Python script can generate a file containing 8000 'A' characters, which can then be copied and pasted into the vulnerable input field to trigger the crash.

  • Run a Python script to create a large payload file (e.g., "Evil.txt" with 8000 'A's).
  • Open the generated file and copy its contents to the clipboard.
  • Launch MegaPing and navigate to the Finger function.
  • Paste the copied large payload into the "Destination Address List" field.
  • Click the Start button and observe if the application crashes, indicating the presence of the vulnerability.
Mitigation Strategies

To mitigate this vulnerability immediately, avoid supplying oversized or untrusted input to the "Destination Address List" field in the Finger function of MegaPing.

Since the vulnerability requires local access and is triggered by user input, restricting access to the application and limiting who can run MegaPing can reduce risk.

Additionally, monitor for application crashes and consider disabling or replacing the vulnerable feature until a patch or update is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25214. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart