CVE-2018-25222

NameCVE-2018-25222
DescriptionSC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sc (PTS)bullseye7.16-4vulnerable
bookworm7.16-4.1vulnerable
trixie7.16-1.1.2-1vulnerable
forky, sid7.16-1.1.3-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
scsource(unstable)(unfixed)

Notes

https://www.exploit-db.com/exploits/44279
Search for package or bug name: Reporting problems