CVE-2018-25262
Received - Intake
Buffer Overflow in Angry IP Scanner 3.5.3 Causes DoS

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
Meta Information
Published: 2026-04-22
Last Modified: 2026-04-27
Generated: 2026-05-07
AI Q&A: 2026-04-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: angryip
Product: angry_ip_scanner
Version / Range: to 3.5.3 (inc)
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
How can this vulnerability impact me?

The impact of this vulnerability is a denial of service condition where the Angry IP Scanner application crashes when processing malicious input in the port selection field.

This can disrupt normal use of the application, potentially causing loss of productivity or interruption of network scanning tasks.


Can you explain this vulnerability to me?

This vulnerability exists in Angry IP Scanner for Linux version 3.5.3. It is a denial of service issue that allows local attackers to crash the application by providing malformed input specifically to the port selection field.

Attackers can create a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab, which triggers the application to crash.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is triggered by supplying malformed input to the port selection field in Angry IP Scanner for Linux 3.5.3, causing the application to crash. Detection involves monitoring for crashes or abnormal behavior of Angry IP Scanner when using the Preferences Ports tab.

Since the vulnerability is local and requires interaction with the application's GUI, there are no specific network commands to detect it remotely.

To detect if the application is vulnerable or being exploited, you can monitor application logs or system logs for crash reports related to Angry IP Scanner.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, avoid supplying or pasting any malformed or suspicious input into the port selection field in the Preferences Ports tab of Angry IP Scanner.

Restrict local user access to Angry IP Scanner to trusted users only, as the vulnerability requires local interaction.

Monitor for updates or patches from the Angry IP Scanner developers and apply them as soon as they become available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Angry IP Scanner for Linux 3.5.3 is a denial of service (DoS) issue that allows local attackers to crash the application by supplying malformed input. It impacts the availability of the application but does not affect confidentiality or integrity of data.

Since the vulnerability does not involve unauthorized access to or disclosure of personal or sensitive data, it does not directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on the confidentiality and integrity of personal data and personal health data.

The availability impact could still be relevant in environments where continuous availability is a compliance requirement or is critical for operational security, but the provided information indicates no explicit compliance violation.

