CVE-2018-25216
Local Buffer Overflow in AnyBurn 4.3 Causes DoS Crash
Publication date: 2026-03-26
Last updated on: 2026-03-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| powersoftware | anyburn | 4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2018-25216 is a local buffer overflow vulnerability found in AnyBurn version 4.3 (32-bit). It occurs when a local attacker inputs an excessively long stringβspecifically a 10,000-byte payloadβinto the 'Image file name' field during the 'Copy disk to Image' operation. This causes the application to improperly handle the buffer size, leading to a crash of the application.
The vulnerability is triggered by pasting a very large string into the input field, which overflows the buffer allocated for the file name, resulting in a denial of service condition.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the AnyBurn application to crash when an excessively long string is supplied in the 'Image file name' field during the 'Copy disk to Image' operation.
The impact is a denial of service (DoS) condition, meaning the application becomes unavailable or unusable until restarted.
There is no indication that this vulnerability allows for remote exploitation or code execution, so the primary risk is disruption of service on the local machine.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition locally on systems running AnyBurn 4.3. Specifically, a test involves supplying an excessively long string (10,000 bytes) into the 'Image file name' field during the 'Copy disk to Image' operation to see if the application crashes.
A practical detection method includes using a Python script to create a payload file with 10,000 'A' characters, copying its content to the clipboard, and then pasting it into the vulnerable input field in AnyBurn 4.3 to observe if the application crashes.
- Create a file named 'Evil.txt' containing 10,000 'A' characters using a Python script.
- Copy the content of 'Evil.txt' to the clipboard.
- Open AnyBurn 4.3 and select the 'Copy disk to Image' option.
- Paste the clipboard content into the 'Image file name' input field.
- Click 'Create Now' and observe if the application crashes, indicating the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of AnyBurn version 4.3 or restricting local access to systems running this vulnerable version to prevent exploitation.
Since the vulnerability requires local access and is triggered by supplying an excessively long string in the 'Image file name' field, users should avoid pasting or entering unusually long strings in this field.
Upgrading to a newer, patched version of AnyBurn (such as version 6.7 or later) when available is recommended to eliminate this vulnerability.