CVE-2018-25367— NASA openVSP 3.16.1 Denial of Service via Buffer Overflow
Possible ATT&CK Techniques 1AI
T1499 · Endpoint Denial of ServiceGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-25367
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NASA openVSP 3.16.1 Denial of Service via Buffer Overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
NASA openVSP 3.16.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the geometry name field. Attackers can trigger a denial of service by pasting a 5000-byte payload into the name input field within the Geom browser pod addition interface.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2018-25367
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-25367
请登录查看更多情报信息。
Exploits & Public PoCs for CVE-2018-25367 (1)
News Coverage for CVE-2018-25367 (1)
Other References for CVE-2018-25367 (1)
IV. Related Vulnerabilities
Same vendor: NASA
- CVE-2026-41144
F´ (F Prime) has Integer Overflow in FileUplink - CVE-2026-5476
NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadS - CVE-2026-5475
NASA cFS CCSDS Header Size cfe_sb_priv.c CFE_SB_TransmitMsg - CVE-2026-5474
NASA cFS CCSDS Packet Header to_lab_passthru_encode.c CFE_MS - CVE-2026-5473
NASA cFS Pickle pickle.load deserialization
Same weakness: CWE-120
- CVE-2018-25377
Flash Slideshow Maker Professional 5.20 Buffer Overflow SEH - CVE-2018-25376
Socusoft 3GP Photo Slideshow 8.05 Buffer Overflow SEH - CVE-2018-25369
Visual Ping 0.8.0.0 Buffer Overflow Denial of Service - CVE-2018-25366
CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field - CVE-2026-9443
Edimax BR-6478AC POST Request formL2TPSetup buffer overflow
V. Comments for CVE-2018-25367
No comments yet