CVE-2018-25280
Buffer Overflow in Infiltrator Scanner 4.6 Causes DoS
Publication date: 2026-04-26
Last updated on: 2026-04-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| infiltrator_network_security | infiltrator_network_security_scanner | 4.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Infiltrator Network Security Scanner version 4.6 and is a buffer overflow issue. It allows local attackers to crash the application by providing an input string that is too large. Specifically, an attacker can paste a 6000-byte payload into the Scan Target field and cause the application to crash when the Scan button is clicked.
How can this vulnerability impact me? :
The primary impact of this vulnerability is a denial of service (DoS) condition. An attacker with local access can cause the Infiltrator Network Security Scanner application to crash by supplying an oversized input, disrupting normal operation and potentially affecting availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, avoid supplying oversized input strings, specifically inputs around 6000 bytes, into the Scan Target field of Infiltrator Network Security Scanner 4.6.
Ensure that users do not click the Scan button after entering such large inputs to prevent triggering the denial of service condition.
Limit local user access to the application to reduce the risk of local attackers exploiting this buffer overflow vulnerability.