CVE-2018-25268
Received Received - Intake

Buffer Overflow in LanSpy 2.0.1.159 Enables Code Execution

Vulnerability report for CVE-2018-25268, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: VulnCheck

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-22
Last Modified
2026-04-27
Generated
2026-07-06
AI Q&A
2026-04-22
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
lizardsystems lanspy 2.0.1.159

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

LanSpy version 2.0.1.159 has a local buffer overflow vulnerability. This occurs when an attacker provides input that is too large for the scan field, allowing them to overwrite the instruction pointer.

Specifically, an attacker can create a payload consisting of 688 bytes of padding followed by 4 bytes of controlled data. This can cause the application to crash or potentially allow the attacker to execute arbitrary code.

Impact Analysis

This vulnerability can have serious impacts including crashing the LanSpy application or enabling an attacker to execute arbitrary code on the affected system.

Such code execution could allow attackers to take control of the system, potentially leading to data theft, system compromise, or further attacks within the network.

Compliance Impact

The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability is a local buffer overflow in the LanSpy application triggered by supplying an oversized input to the scan field.

To detect the vulnerability, you can reproduce the exploit locally by creating a specially crafted input file containing 688 padding characters followed by 4 controlled bytes, then inputting this payload into the scan field of LanSpy.

A Python script can be used to generate this payload file (e.g., "exploit.txt") with 688 'A' characters followed by 4 'B' characters.

  • Run the Python script to create the payload file.
  • Open LanSpy and paste the contents of the payload file into the scan field.
  • Start the scan and observe if the application crashes or behaves abnormally, indicating the presence of the vulnerability.
Mitigation Strategies

Immediate mitigation steps include avoiding the use of the vulnerable LanSpy version 2.0.1.159 or earlier.

Do not input oversized or untrusted data into the scan field of LanSpy to prevent triggering the buffer overflow.

If possible, update to a fixed or patched version of LanSpy once available from the vendor.

Restrict local access to the application to trusted users only, as the vulnerability requires local interaction.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25268. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart