Description
Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
Published: 2026-04-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

The vulnerability in Angry IP Scanner for Linux 3.5.3 is a stack-based buffer overflow (CWE-787). Local users can trigger it by entering a crafted string containing overflow patterns into the Preferences → Ports field, causing the application to crash and become unavailable.

Affected Systems

Angry IP Scanner for Linux, version 3.5.3, is susceptible. All installations of this exact version are affected.

Risk and Exploitability

The CVSS score of 6.9 denotes a moderate risk. Exploitability is limited to local users who can interact with the GUI; the attacker must supply malicious input via the Preferences → Ports tab. The EPSS score is not available and the vulnerability is not listed in CISA KEV, indicating no known widespread exploitation. Consequently, the risk is significant for end-users running the application locally, but not for remote attackers.

Generated by OpenCVE AI on April 27, 2026 at 08:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest available version of Angry IP Scanner, which includes the fix for the buffer overflow in the Preferences Ports field.
  • Clear or reset any custom port entries in the Preferences → Ports tab before applying the update to eliminate malformed inputs that may trigger the crash.
  • Restrict local user accounts from modifying the Preferences Ports setting, or run Angry IP Scanner within a sandboxed environment to isolate it, thereby limiting the impact of the denial of service.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
First Time appeared | | Angryip angry Ip Scanner For Linux
Vendors & Products | | Angryip angry Ip Scanner For Linux

Mon, 27 Apr 2026 17:45:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
First Time appeared | | Angryip; Angryip angry Ip Scanner
CPEs | | cpe:2.3:a:angryip:angry_ip_scanner:*:*:*:*:*:linux:*:*
Vendors & Products | | Angryip; Angryip angry Ip Scanner

Wed, 22 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
--- | --- | ---
Description | | Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash.
Title | | Angry IP Scanner for Linux 3.5.3 Denial of Service
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T15:59:35.159Z

Reserved: 2026-04-22T11:25:18.524Z

Link: CVE-2018-25262

Vulnrichment

Updated: 2026-04-22T15:57:37.011Z

NVD

Status: Analyzed

Published: 2026-04-22T16:16:46.753

Modified: 2026-04-27T17:30:45.290

Link: CVE-2018-25262

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T19:54:57Z
