CVE-2019-25607

Sažetak

Axessh 4.2 contains a stack-based buffer overflow vulnerability in the log file name field that allows local attackers to execute arbitrary code by supplying an excessively long filename. Attackers can overflow the buffer at offset 214 bytes to overwrite the instruction pointer and execute shellcode with system privileges.

Reference

http://www.labf.com
http://www.labf.com/download/axessh.exe
https://www.exploit-db.com/exploits/46858
https://www.exploit-db.com/exploits/46922
https://www.exploit-db.com/shellcodes/46281
https://www.vulncheck.com/advisories/axessh-local-stack-based-buffer-overflow-via-log-file-name

CVSS

Base:	8.4
Impact:	5.9
Exploitability:	2.5

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

22-03-2026 - 14:16

Objavljeno

22-03-2026 - 14:16