CVE-2018-25268 | THREATINT

Description

LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload with 688 bytes of padding followed by 4 bytes of controlled data to crash the application or potentially achieve code execution.

PUBLISHED Reserved 2026-04-22 | Published 2026-04-22 | Updated 2026-04-22 | Assigner VulnCheck

HIGH: 8.6CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Out-of-bounds Write

Product status

2.0.1.159

affected

Credits

Gionathan "John" Reale finder

References

www.exploit-db.com/exploits/45968 (ExploitDB-45968) exploit

lizardsystems.com (Official Product Homepage) product

www.vulncheck.com/...py-local-buffer-overflow-via-scan-field (VulnCheck Advisory: LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field) third-party-advisory

cve.org (CVE-2018-25268)

nvd.nist.gov (CVE-2018-25268)

Download JSON