Description
MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local buffer overflow
Action: Apply Patch
AI Analysis

Impact

MegaPing contains a local buffer overflow that allows an attacker to crash the application by sending an oversized payload to the Destination Address List field used by the Finger function. The overflow occurs when the application does not properly validate the length of the input; when the Start button is pressed, the malicious buffer corrupts the stack and terminates the program, causing a denial of service. The weakness is a classic C/C++ buffer overrun, corresponding to CWE‑787.

Affected Systems

The vulnerability affects Magnetosoft MegaPing version 1.0. No other products or versions were listed as impacted. The exploit could target any installation of the 1.0 build that accepts Finger requests.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, focused on integrity of availability. The EPSS score of less than 1% suggests low likelihood of exploitation in the wild, and the issue is not listed in CISA’s KEV catalog. Because the exploit requires local access to craft the oversized payload, the attack vector is inferred to be local. An attacker would need to run a process on the same machine that invokes MegaPing’s Finger function with a malicious input. The crash would terminate the process and potentially impact service availability, but does not provide remote code execution or data exfiltration.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Magnetosoft’s website for a patch or newer version that addresses the buffer overflow and apply the update as soon as possible.
  • If a patch is not available, restrict the use of MegaPing to trusted accounts and disable the Finger function or the application entirely if the service is not required.
  • Monitor the system for crash logs or repeated failures of MegaPing and investigate any suspicious activity that may attempt to exploit the overflow.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:magnetosoft:megaping:1.0:*:*:*:*:*:*:*

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Magnetosoft
Magnetosoft megaping
Vendors & Products Magnetosoft
Magnetosoft megaping

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger function. Attackers can paste a crafted buffer exceeding expected input limits into the vulnerable field and trigger the Start button to cause a denial of service crash.
Title MegaPing Local Buffer Overflow Denial of Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Magnetosoft Megaping
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:34:08.615Z

Reserved: 2026-03-26T13:16:17.931Z

Link: CVE-2018-25214

cve-icon Vulnrichment

Updated: 2026-03-26T18:34:04.676Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T14:16:05.123

Modified: 2026-03-27T18:21:33.987

Link: CVE-2018-25214

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:11Z

Weaknesses