CVE-2018-25432
Whois Buffer Overflow in Arm Whois 3.11
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arm | whois | 3.11 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler (SEH).
Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
How can this vulnerability impact me?
This vulnerability allows local attackers to execute arbitrary code on the affected system.
Successful exploitation can lead to full control over the system, potentially compromising confidentiality, integrity, and availability of data and services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local buffer overflow in Arm Whois 3.11 that requires a crafted malicious input file to trigger the overflow and overwrite the structured exception handler. Detection involves identifying the presence of Arm Whois version 3.11 or earlier on the system.
Since the exploit is local and triggered by a specific input file with a 672-byte offset to overwrite nSEH and SEH pointers, network detection is unlikely. Instead, detection should focus on verifying the installed version of Arm Whois and monitoring for suspicious local file inputs or crashes related to exception handling.
Suggested commands to detect the vulnerable software version on a system might include:
- On Windows, check the version of the Arm Whois executable by running `whois.exe /?` or by checking the file properties.
- Use system package managers or software inventory tools to identify Arm Whois version 3.11 or earlier.
- Monitor application logs or system event logs for crashes or exceptions related to Arm Whois.
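The version check and crash monitoring described above can be combined in one PowerShell pass over a single host. This is an added example, not part of the advisory or any vendor tooling; the search roots, the `*whois*.exe` name pattern and the 30-day look-back are assumptions to adjust for your environment.

```powershell
# Added example. Assumptions: search roots, the '*whois*.exe' pattern, 30-day window.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemDrive\Users") |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$affected = [version]'3.11'

# 1. Inventory: locate candidate binaries and read their version resource.
$candidates = Get-ChildItem -Path $roots -Filter '*whois*.exe' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        $status = if (-not $vi.FileVersion) {
            'NO-VERSION-RESOURCE'          # cannot decide from metadata; review by hand
        } elseif ([version]::new($vi.FileMajorPart, $vi.FileMinorPart) -le $affected) {
            'AT-OR-BELOW-3.11'
        } else {
            'NEWER'
        }
        [pscustomobject]@{
            Status      = $status
            ProductName = $vi.ProductName   # confirm it is Arm Whois, not another whois tool
            FileVersion = $vi.FileVersion
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Path        = $_.FullName
        }
    }
$candidates | Sort-Object Status | Format-List

# 2. Crash triage: Application Error (event ID 1000) records that mention whois.
$since  = (Get-Date).AddDays(-30)
$filter = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $since }
$crashes = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'whois' }
$crashes | Select-Object TimeCreated, MachineName, Message | Format-List

# 3. Escalate when an affected build is installed and has crashed in the window.
if (($candidates | Where-Object Status -eq 'AT-OR-BELOW-3.11') -and $crashes) {
    Write-Warning 'Arm Whois 3.11 or earlier is present and has crashed recently; review the input files it opened.'
}
```

Run it from an elevated prompt so that other users' profile directories are readable; unreadable paths are skipped silently.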
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Remove or restrict access to Arm Whois version 3.11 or earlier on all systems.
- Apply any available patches or updates from the vendor that address this buffer overflow vulnerability.
- Limit local user permissions to prevent untrusted users from executing or providing malicious input files to Arm Whois.
- Monitor systems for unusual crashes or behavior related to Arm Whois that might indicate exploitation attempts.
- Consider using application whitelisting or sandboxing to restrict execution of untrusted code.