Description
AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.
Published: 2026-03-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service
Action: Apply Patch
AI Analysis

Impact

This vulnerability is a local buffer overflow that occurs when AnyBurn 4.3 processes an image file name during the "Copy disk to Image" operation. An attacker can supply an excessively long string—up to 10,000 bytes—into the image file name field, causing the application to crash. The flaw is a classic CWE‑787 overflow that leads to a denial of service. The impact is limited to the integrity of the application’s availability, not to remote control or data disclosure. The issue does not provide attacker privileges beyond the local user running the program.

Affected Systems

The affected product is AnyBurn version 4.3 from Anyburn. No other versions are listed in the CNA data, so the only explicitly vulnerable release is 4.3. No additional vendor or product information is supplied beyond this single version.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, and the EPSS score is not provided, so the likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; an attacker needs the ability to run the AnyBurn application or otherwise supply a crafted image file name. Because the flaw causes an application crash, the consequence is restricted to service interruption and is recoverable by restarting the program. Recovery is mitigated by application restarts and system restarts. An unauthorized remote attacker would need to first gain local execution to exploit this weakness.

Generated by OpenCVE AI on March 26, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify your installation of AnyBurn is at or above the latest released version and apply any vendor-supplied patch or upgrade to a version that eliminates the buffer overflow. If no official patch is available, restrict local access to the AnyBurn executable to trusted users only. Avoid using the "Copy disk to Image" feature with unusually long filenames or disable the feature entirely. Monitor application logs for repeated crashes, and consider restarting the application or the host system to restore availability if a crash occurs.

Generated by OpenCVE AI on March 26, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Anyburn
Anyburn anyburn
Vendors & Products Anyburn
Anyburn anyburn

Thu, 26 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition.
Title AnyBurn 4.3 Denial of Service Local Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Anyburn Anyburn
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T18:33:16.849Z

Reserved: 2026-03-26T13:17:00.377Z

Link: CVE-2018-25216

cve-icon Vulnrichment

Updated: 2026-03-26T18:33:12.667Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-26T14:16:05.507

Modified: 2026-03-26T15:13:15.790

Link: CVE-2018-25216

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:26:54Z

Weaknesses