CVE-2018-25427
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in Arm Whois

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulnCheck

Description
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2018-25427
EUVD
EUVD-2018-21957
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arm whois 3.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by attempting to reproduce the buffer overflow condition using a crafted input exceeding 658 bytes in the IP address or domain field of Arm Whois 3.11. The exploit involves sending a specially crafted payload that overwrites the structured exception handler (SEH) to trigger arbitrary code execution.

One practical detection method is to run the provided Python exploit script from Resource 1, which generates the malicious payload. By pasting this payload into the vulnerable application's input field, you can observe if the application crashes or spawns a command shell, indicating the presence of the vulnerability.

There are no specific network commands mentioned for detection, but monitoring for unusual or oversized input to the IP address or domain field in Arm Whois 3.11 could help identify exploitation attempts.

Executive Summary

Arm Whois 3.11 contains a stack-based buffer overflow vulnerability. This occurs when the application processes input that is larger than expected, specifically when an attacker supplies an input exceeding 658 bytes to the IP address or domain field.

By crafting malicious input with embedded shellcode, an attacker can overwrite the structured exception handler in the program's memory. This allows the attacker to execute arbitrary code remotely on the affected system.

Impact Analysis

This vulnerability can have severe impacts as it allows remote attackers to execute arbitrary code on the affected system without any privileges or user interaction.

Successful exploitation could lead to full system compromise, including unauthorized access, data theft, system manipulation, or disruption of services.

Compliance Impact

The provided context and resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

Immediate mitigation steps include avoiding the use of Arm Whois version 3.11 or earlier until a patch or updated version is available, as the vulnerability allows remote code execution without authentication or user interaction.

Restrict access to the application to trusted users and networks to reduce the risk of exploitation.

Monitor and block any inputs or network traffic that attempt to send oversized payloads (greater than 658 bytes) to the IP address or domain field of the application.

Consider using application-level firewalls or intrusion detection systems to detect and prevent attempts to exploit this buffer overflow vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25427. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart