Description
Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable value field in the display preferences to trigger a denial of service.
Published: 2026-04-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Angry IP Scanner 3.5.3 contains a buffer overflow in its preferences dialog. When a user pastes an excessively large string into the 'unavailable value' field, the input overruns the allocated buffer, causing the program to crash. This overflow is a local denial-of-service vulnerability that disrupts normal use of Angry IP Scanner but does not provide access to data or compromise system integrity. The weakness is catalogued as CWE-787.

Affected Systems

The flaw is limited to version 3.5.3 of Angry IP Scanner, a network scanning utility provided by Angryip. Earlier versions are not mentioned as affected, and the CVE does not list additional affected releases. Therefore, only installations of 3.5.3 are directly vulnerable.

Risk and Exploitability

The CVSS score of 6.9 classifies the issue as medium severity, and the EPSS metric is not available. The vulnerability requires local user interaction to supply the oversized preference string; it does not allow remote exploitation or privilege escalation. Because the flaw’s impact is a crash of the application rather than data loss or unauthorized access, the overall risk is considered limited to individual users who run Angry IP Scanner, and the likelihood of widespread damage is low. The vulnerability is not listed in CISA's KEV catalog, which further indicates that no public exploitation activity has been documented.

Generated by OpenCVE AI on April 22, 2026 at 18:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest version of Angry IP Scanner, which contains a fixed preferences parser and eliminates the overflow.
  • If an upgrade cannot be performed immediately, manually edit the preferences file to remove or shrink any overly large values in the “unavailable value” field before launching the application.
  • Restrict local user permissions to prevent arbitrary editing of the preferences file, ensuring that only trusted administrators can modify entries that could trigger the overflow.

Generated by OpenCVE AI on April 22, 2026 at 18:29 UTC.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 17:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Angryip; Angryip angry Ip Scanner
CPEs | | cpe:2.3:a:angryip:angry_ip_scanner:3.5.3:*:*:*:*:windows:*:*
Vendors & Products | | Angryip; Angryip angry Ip Scanner

Wed, 22 Apr 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can generate a file containing a massive buffer of repeated characters and paste it into the unavailable value field in the display preferences to trigger a denial of service.
Title | | Angry IP Scanner 3.5.3 Denial of Service via Preferences Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-22T18:31:25.679Z

Reserved: 2026-04-22T14:23:16.730Z

Link: CVE-2018-25266

Vulnrichment

Updated: 2026-04-22T18:31:21.237Z

NVD

Status: Analyzed

Published: 2026-04-22T16:16:47.080

Modified: 2026-04-27T17:28:01.677

Link: CVE-2018-25266

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-27T19:54:55Z

Weaknesses