CVE-2018-25262
Received Received - Intake
Buffer Overflow in Angry IP Scanner 3.5.3 Causes DoS

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: VulnCheck

Description
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-22
EPSS Evaluated
2026-06-15
NVD
CVE-2018-25262
EUVD
EUVD-2018-21779
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
angryip angry_ip_scanner to 3.5.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability is a denial of service condition where the Angry IP Scanner application crashes when processing malicious input in the port selection field.

This can disrupt normal use of the application, potentially causing loss of productivity or interruption of network scanning tasks.

Compliance Impact

The vulnerability in Angry IP Scanner for Linux 3.5.3 is a denial of service (DoS) issue that allows local attackers to crash the application by supplying malformed input. It impacts the availability of the application but does not affect confidentiality or integrity of data.

Since the vulnerability does not involve unauthorized access to or disclosure of personal or sensitive data, it does not directly impact compliance with data protection regulations such as GDPR or HIPAA, which primarily focus on confidentiality and integrity of personal health or personal data.

However, the availability impact could be relevant in environments where continuous availability is a compliance requirement or critical for operational security, but no explicit compliance violation is indicated by the provided information.

Executive Summary

This vulnerability exists in Angry IP Scanner for Linux version 3.5.3. It is a denial of service issue that allows local attackers to crash the application by providing malformed input specifically to the port selection field.

Attackers can create a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab, which triggers the application to crash.

Detection Guidance

This vulnerability is triggered by supplying malformed input to the port selection field in Angry IP Scanner for Linux 3.5.3, causing the application to crash. Detection involves monitoring for crashes or abnormal behavior of Angry IP Scanner when using the Preferences Ports tab.

Since the vulnerability is local and requires interaction with the application's GUI, there are no specific network commands to detect it remotely.

To detect if the application is vulnerable or being exploited, you can monitor application logs or system logs for crash reports related to Angry IP Scanner.

Mitigation Strategies

To mitigate this vulnerability, avoid supplying or pasting any malformed or suspicious input into the port selection field in the Preferences Ports tab of Angry IP Scanner.

Restrict local user access to Angry IP Scanner to trusted users only, as the vulnerability requires local interaction.

Monitor for updates or patches from the Angry IP Scanner developers and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart