CVE-2018-25281
Received Received - Intake
Buffer Overflow in iCash 7.6.5 Causes Local Application Crash

Publication date: 2026-04-26

Last updated on: 2026-04-26

Assigner: VulnCheck

Description
iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a 7000-byte string into the Host field and click Connect to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-26
Last Modified
2026-04-26
Generated
2026-06-16
AI Q&A
2026-04-27
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25281
EUVD
EUVD-2018-21801
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
icash icash 7.6.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability involves a buffer overflow triggered by supplying an oversized payload through the Connect to Server dialog in iCash 7.6.5. Specifically, an attacker can paste a 7000-byte string into the Host field and click Connect to cause the application to crash.

Detection on your system would involve monitoring for crashes or abnormal behavior of the iCash application when connecting to a server, especially if unusually large input strings are used in the Host field.

Since no specific detection commands or network signatures are provided, you can manually test by attempting to reproduce the issue in a controlled environment by inputting a large string (e.g., 7000 bytes) into the Host field of the Connect to Server dialog and observing if the application crashes.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of oversized input strings in the Host field of the Connect to Server dialog in iCash 7.6.5 to prevent triggering the buffer overflow.

Additionally, restrict local access to the application to trusted users only, as the vulnerability requires local attacker interaction.

Since no patches or updates are mentioned, consider monitoring for updates from the vendor or applying any available security patches once released.

Executive Summary

The vulnerability in iCash 7.6.5 is a buffer overflow issue that occurs when a local attacker inputs an oversized payload into the Connect to Server dialog. Specifically, by pasting a 7000-byte string into the Host field and clicking Connect, the attacker can cause the application to crash.

Impact Analysis

This vulnerability can impact you by allowing a local attacker to crash the iCash application, leading to a denial of service. The application becomes unavailable or unstable due to the crash triggered by the oversized input.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25281. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart