CVE-2018-25253
Received Received - Intake
Buffer Overflow in Termite 3.4 UI Language Causes DoS

Publication date: 2026-04-04

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-04
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-04
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25253
EUVD
EUVD-2018-21758
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
compuphase termite to 3.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2018-25253 is a buffer overflow vulnerability in Termite version 3.4, specifically in the User interface language settings field. Local attackers can exploit this by inputting an excessively long stringβ€”such as a 2000-byte payloadβ€”into this field, which causes the application to crash or become unresponsive, resulting in a denial of service (DoS). This happens because the application does not properly validate or limit the length of the input, leading to an out-of-bounds write.

Impact Analysis

The primary impact of this vulnerability is a denial of service condition. An attacker with local access can crash the Termite application by supplying a very long string in the User interface language settings field, causing the program to become unresponsive or terminate unexpectedly. This disrupts normal operation and availability of the software.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition on Termite 3.4 by inputting an excessively long string into the User interface language settings field.

A proof-of-concept method involves running a Python script that generates a 2000-character payload (e.g., 2000 'A's) written to a file, then copying and pasting this payload into the User interface language field within Termite's settings. Applying this input causes the application to crash or become unresponsive, confirming the presence of the vulnerability.

The Python script example to generate the payload is as follows:

  • python -c "print('A'*2000)" > boom.txt

After running this command, open the generated 'boom.txt' file, copy its contents, and paste it into the User interface language field in Termite 3.4 settings to test for the crash.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of excessively long strings in the User interface language settings field of Termite 3.4.

Since the vulnerability requires local access to the application, restricting access to trusted users and environments can reduce risk.

Additionally, consider updating or patching Termite if a fixed version is available, or applying any vendor-recommended workarounds to prevent buffer overflow conditions.

If no patch is available, refrain from modifying the User interface language setting with untrusted or unusually long input.

Compliance Impact

The provided information does not specify any direct impact of CVE-2018-25253 on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart