CVE-2018-25423
Buffer Overflow in Arm Whois Application
Publication date: 2026-05-30
Last updated on: 2026-05-30
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| armcode | arm_whois | 3.11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2018-25423 is a buffer overflow vulnerability in Arm Whois version 3.11. It occurs when a local attacker supplies an oversized input stringβspecifically, a malicious buffer of 700 bytesβinto the IP address or domain input field. This causes the application to crash, resulting in a denial of service condition.
How can this vulnerability impact me? :
This vulnerability can impact you by causing the Arm Whois application to crash when it receives a specially crafted input. This denial of service (DoS) condition means that legitimate users will be unable to use the application while it is crashed, potentially disrupting network analysis or IP geolocation tasks that rely on this software.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition on the Arm Whois 3.11 application. The detection involves sending a crafted input of 700 'A' characters to the IP address or domain input field of the application.
A practical method is to run a Python script that generates a string of 700 'A' characters, copy this string to the clipboard, launch Arm Whois 3.11, paste the input into the "IP address or domain" field, and then click the button to retrieve IP-address info. If the application crashes, the vulnerability is present.
There are no specific network commands mentioned to detect this vulnerability remotely, as it is triggered by local input to the application.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of oversized input strings (specifically inputs of 700 bytes or more) in the IP address or domain input fields of Arm Whois 3.11.
Since the vulnerability is triggered by local input, restricting access to the application to trusted users and environments can reduce the risk of exploitation.
Additionally, monitoring for application crashes and applying any available patches or updates from the vendor when released is recommended.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2018-25423 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.