CVE-2018-25423
Deferred Deferred - Pending Action
Buffer Overflow in Arm Whois Application

Publication date: 2026-05-30

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-30
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-30
EPSS Evaluated
2026-06-18
NVD
CVE-2018-25423
EUVD
EUVD-2018-21945
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
armcode arm_whois 3.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of the CVE-2018-25423 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2018-25423 is a buffer overflow vulnerability in Arm Whois version 3.11. It occurs when a local attacker supplies an oversized input stringβ€”specifically, a malicious buffer of 700 bytesβ€”into the IP address or domain input field. This causes the application to crash, resulting in a denial of service condition.

Impact Analysis

This vulnerability can impact you by causing the Arm Whois application to crash when it receives a specially crafted input. This denial of service (DoS) condition means that legitimate users will be unable to use the application while it is crashed, potentially disrupting network analysis or IP geolocation tasks that rely on this software.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the crash condition on the Arm Whois 3.11 application. The detection involves sending a crafted input of 700 'A' characters to the IP address or domain input field of the application.

A practical method is to run a Python script that generates a string of 700 'A' characters, copy this string to the clipboard, launch Arm Whois 3.11, paste the input into the "IP address or domain" field, and then click the button to retrieve IP-address info. If the application crashes, the vulnerability is present.

There are no specific network commands mentioned to detect this vulnerability remotely, as it is triggered by local input to the application.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of oversized input strings (specifically inputs of 700 bytes or more) in the IP address or domain input fields of Arm Whois 3.11.

Since the vulnerability is triggered by local input, restricting access to the application to trusted users and environments can reduce the risk of exploitation.

Additionally, monitoring for application crashes and applying any available patches or updates from the vendor when released is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25423. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart