VYPR
Medium severity 6.2 · NVD Advisory · Published May 30, 2026

CVE-2018-25423

Description

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a malicious buffer of 700 bytes into the IP address or domain input field to trigger a denial of service condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Arm Whois 3.11 contains a buffer overflow allowing local attackers to crash the application via an oversized input string.

Vulnerability

Arm Whois version 3.11 contains a buffer overflow vulnerability (CWE-120) in the input handling for the IP address or domain field. An attacker can supply an oversized input string of 700 bytes, which exceeds the allocated buffer size, leading to a crash. The affected software is Arm Whois version 3.11 and possibly earlier versions [1][2].

Exploitation

The attack requires local access to the application. The attacker pastes a malicious buffer of 700 bytes into the IP address or domain input field. No authentication or user interaction beyond entering the input is needed. The condition is reachable directly through the normal user interface [2].

Impact

Successful exploitation results in a denial of service condition, causing the application to crash. The CVSS v4.0 vector indicates high availability impact with no confidentiality or integrity impact. The crash does not lead to privilege escalation or remote code execution [2].

Mitigation

As of the latest available references, no official patch or fixed version has been published for Arm Whois version 3.11. Users are advised to monitor the vendor's website (armcode.com) for updates or to consider using alternative tools. No known workaround is documented [1][2].

AI Insight generated on May 30, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context is available for this CVE. The mechanics section is only generated when we can read the actual fix diff; without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 4
