Description
NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A buffer overflow exists in the Hostname/IP field of NetSchedScan 1.0. When a user supplies an overly long string—specifically 388 bytes followed by an overwrite of the return pointer—the application crashes, resulting in a denial of service. The flaw permits a local attacker to trigger the crash through a crafted payload, compromising the availability of the service without affecting confidentiality or integrity.

Affected Systems

The affected product is Foundstone NetSchedScan version 1.0, as identified by the CNA and represented in the advisory. No further versions are listed as affected, and only this product appears to be vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score of less than 1 percent suggests low exploitation likelihood. The vulnerability is not catalogued in CISA's KEV list, implying it is not a known exploited vulnerability at this time. The attack vector is local: an attacker must have access to the system running NetSchedScan to supply the malicious input. Given the lack of publicly documented remote exploitation, the risk is primarily confined to environments where the application is exposed to untrusted local users.

Generated by OpenCVE AI on April 14, 2026 at 21:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or upgrade to a newer version of NetSchedScan if one has been released.
  • If a patch is unavailable, configure the application to enforce input length checks on the Hostname/IP field.
  • Limit local system access to trusted personnel to reduce the chance that an attacker can supply the malformed input.

Generated by OpenCVE AI on April 14, 2026 at 21:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Mcafee
Mcafee netschedscan
CPEs cpe:2.3:a:mcafee:netschedscan:1.0:*:*:*:*:*:*:*
Vendors & Products Mcafee
Mcafee netschedscan

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Foundstone
Foundstone netschedscan
Vendors & Products Foundstone
Foundstone netschedscan

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition.
Title NetSchedScan 1.0 Buffer Overflow Denial of Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Foundstone Netschedscan
Mcafee Netschedscan
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:43:56.885Z

Reserved: 2026-04-04T13:29:58.990Z

Link: CVE-2016-20050

cve-icon Vulnrichment

Updated: 2026-04-06T16:43:33.827Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-04T14:16:16.317

Modified: 2026-04-14T19:03:37.050

Link: CVE-2016-20050

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-15T16:30:09Z

Weaknesses