Description
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

The vulnerability is a local buffer overflow in MegaPing that occurs when an attacker supplies an oversized payload to the Destination Address List field of the Finger function and activates the Start button. The overflow causes the application to crash, resulting in a denial of service. The weakness is classified as CWE-787 (Out-of-bounds Write).

Affected Systems

The affected product is Magnetosoft MegaPing. No version information is provided in the advisory, implying that all releases could potentially be vulnerable until an official fix is released.

Risk and Exploitability

The CVSS score of 6.9 corresponds to Medium severity. EPSS data is unavailable and the vulnerability is not listed in the CISA KEV catalog, suggesting a lower likelihood of widespread exploitation. Exploitation requires local access to the host running MegaPing, so the threat is limited to users who can execute code locally. Nonetheless, any such local attacker can reliably crash the application, disrupting availability until mitigated.

Generated by OpenCVE AI on March 26, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Magnetosoft’s website or support for a patch or newer release that fixes the buffer overflow.
  • If no patch is available, disable or restrict use of the Finger function to trusted accounts only.
  • Run MegaPing in a sandbox or virtual machine with limited privileges to contain crashes.
  • Apply least‑privilege policies to prevent local attackers from running the vulnerable application.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Magnetosoft; Magnetosoft megaping |
| Vendors & Products | | Magnetosoft; Magnetosoft megaping |

Thu, 26 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 26 Mar 2026 13:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash. |
| Title | | MegaPing Local Buffer Overflow Denial of Service |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:34:08.615Z

Reserved: 2026-03-26T13:16:17.931Z

Link: CVE-2018-25214

Vulnrichment

Updated: 2026-03-26T18:34:04.676Z

NVD

Status: Awaiting Analysis

Published: 2026-03-26T14:16:05.123

Modified: 2026-03-26T15:13:15.790

Link: CVE-2018-25214

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:28:15Z

Weaknesses