Description
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Termite 3.4 contains a buffer overflow vulnerable field in its user interface language settings. By entering an excessively long string—up to 2000 bytes—a local attacker can trigger a crash of the application. The resulting impact is loss of availability, potentially interrupting services that rely on the Termite application. The weakness is a classic buffer overflow, categorized as CWE-787.

Affected Systems

The product affected is Compuphase Termite. Version 3.4 is the specific release containing the flaw. Any deployment of this version is susceptible to the described denial‑of‑service condition.

Risk and Exploitability

With a CVSS base score of 6.9, the vulnerability is considered moderate in severity. Because the exposure is local and requires the attacker to have access to the target system’s desktop environment, the attack is likely constrained to users who can operate in the Termite UI. No EPSS score is available, preventing an assessment of current exploitation probability. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 4, 2026 at 17:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that your installation is running Termite 3.4 or a newer version.
  • If an update or patch is available, apply it as soon as possible.
  • If no patch exists, restrict local user access to the Termite application to limit attack surface, or disable the language settings if feasible.

Generated by OpenCVE AI on April 4, 2026 at 17:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:compuphase:termite:*:*:*:*:*:*:*:*

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Compuphase
Compuphase termite
Vendors & Products Compuphase
Compuphase termite

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
Title Termite 3.4 Denial of Service via Settings Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Compuphase Termite
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:54:29.717Z

Reserved: 2026-04-04T13:28:40.694Z

Link: CVE-2018-25253

cve-icon Vulnrichment

Updated: 2026-04-06T18:54:21.562Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-04T14:16:21.553

Modified: 2026-04-27T13:24:29.960

Link: CVE-2018-25253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:34Z

Weaknesses