Description
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
Published: 2026-03-28
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

SC 7.16 has a stack‑based buffer overflow that allows a local attacker to supply an input string larger than 1052 bytes, overwriting the instruction pointer and executing shellcode within the application process. This flaw enables arbitrary code execution, compromising the confidentiality, integrity, and availability of the host system.

Affected Systems

The vulnerability affects the SC product version 7.16. Users running this build should verify their installation version and apply any available fix or upgrade to a non‑vulnerable release.

Risk and Exploitability

The CVSS score of 8.6 classifies this flaw as high severity. The EPSS score is below 1% and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access or the ability to supply oversized input to the application, and once triggered it results in code execution at the privileges of the running service.

Generated by OpenCVE AI on March 28, 2026 at 14:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch or upgrade to a version of SC that is not affected by the v7.16 buffer overflow
  • If a patch or upgrade is not immediately available, configure network or application firewall rules to block or rate‑limit oversized input strings sent to the vulnerable service



Advisories

No advisories yet.

History

Mon, 30 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 30 Mar 2026 07:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Sc, Sc sc |
| Vendors & Products | | Sc, Sc sc |

Sat, 28 Mar 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context. |
| Title | | SC v7.16 Stack-Based Buffer Overflow Remote Code Execution |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1 {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'} |
| | | cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:41:48.584Z

Reserved: 2026-03-28T11:48:03.595Z

Link: CVE-2018-25222

Vulnrichment

Updated: 2026-03-30T14:41:45.119Z

NVD

Status: Awaiting Analysis

Published: 2026-03-28T12:16:02.983

Modified: 2026-03-30T13:26:07.647

Link: CVE-2018-25222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T06:59:10Z

Weaknesses