CVE-2018-25281
Buffer Overflow in iCash 7.6.5 Causes Local Application Crash
Publication date: 2026-04-26
Last updated on: 2026-04-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| icash | icash | 7.6.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in iCash 7.6.5 is a buffer overflow issue that occurs when a local attacker inputs an oversized payload into the Connect to Server dialog. Specifically, by pasting a 7000-byte string into the Host field and clicking Connect, the attacker can cause the application to crash.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a local attacker to crash the iCash application, leading to a denial of service. The application becomes unavailable or unstable due to the crash triggered by the oversized input.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a buffer overflow triggered by supplying an oversized payload through the Connect to Server dialog in iCash 7.6.5. Specifically, an attacker can paste a 7000-byte string into the Host field and click Connect to cause the application to crash.
Detection on your system would involve monitoring for crashes or abnormal behavior of the iCash application when connecting to a server, especially if unusually large input strings are used in the Host field.
Since no specific detection commands or network signatures are provided, you can manually test by attempting to reproduce the issue in a controlled environment by inputting a large string (e.g., 7000 bytes) into the Host field of the Connect to Server dialog and observing if the application crashes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of oversized input strings in the Host field of the Connect to Server dialog in iCash 7.6.5 to prevent triggering the buffer overflow.
Additionally, restrict local access to the application to trusted users only, as the vulnerability requires local attacker interaction.
Since no patches or updates are mentioned, consider monitoring for updates from the vendor or applying any available security patches once released.