Description
Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
Published: 2026-03-30
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Free IP Switcher 3.1 contains a buffer overflow condition that can be triggered by entering an excessively long string in the Computer Name field. When an attacker activates the switch with such a payload, the application crashes. The effect is a loss of availability for users running the software; there is no direct impact on confidentiality or integrity of data.

Affected Systems

The vulnerability is known to affect the Free IP Switcher 3.1 application from Eusing. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS score of 6.8 reflects moderate severity. No EPSS score is available, and the flaw is not listed in the CISA KEV catalog. Because the attack vector is local, exploitation requires the attacker to have local access to the machine running the software. The complexity is low, but the impact is a denial of service to local users. Overall, the risk is moderate.

Generated by OpenCVE AI on March 30, 2026 at 12:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched release of Free IP Switcher if one is available
  • Verify that the Computer Name input accepts only allowable lengths by testing with a long string
  • If no patch exists, limit use of the program to trusted local accounts and consider disabling the Computer Name feature
  • Monitor the application for crashes and apply vendor updates as soon as they are released

Generated by OpenCVE AI on March 30, 2026 at 12:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Eusing
Eusing free Ip Switcher
Vendors & Products Eusing
Eusing free Ip Switcher

Mon, 30 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 30 Mar 2026 11:15:00 +0000

Type Values Removed Values Added
Description Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name input field and click Activate to trigger a denial of service condition that crashes the application.
Title Free IP Switcher 3.1 Denial of Service via Computer Name
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Eusing Free Ip Switcher
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-30T14:04:07.751Z

Reserved: 2026-03-30T10:55:56.362Z

Link: CVE-2018-25230

cve-icon Vulnrichment

Updated: 2026-03-30T14:03:48.343Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-30T12:16:16.637

Modified: 2026-03-30T13:26:07.647

Link: CVE-2018-25230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-31T20:41:03Z

Weaknesses