Nixpkgs security tracker

Untriaged

Permalink CVE-2018-25225

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 3 weeks ago

SIPP 3.3 Stack-Based Buffer Overflow via Configuration File

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.

References

ExploitDB-45288 exploit
Official Product Homepage product
VulnCheck Advisory: SIPP 3.3 Stack-Based Buffer Overflow via Configuration File third-party-advisory

Affected products

SIPP

==3.3

Matching in nixpkgs

pkgs.sipp

SIPp testing tool

nixos-unstable 3.7.7
- nixpkgs-unstable 3.7.7
- nixos-unstable-small 3.7.7
nixos-25.11 3.7.3-unstable-2025-01-22
- nixos-25.11-small 3.7.3-unstable-2025-01-22
- nixpkgs-25.11-darwin 3.7.3-unstable-2025-01-22

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.sipp