Description
SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
Published: 2026-04-29
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SysGauge 4.5.18 contains a buffer overflow in the proxy configuration handler that can be triggered by a local attacker supplying an oversized string to the Proxy Server Host Name field in the Options menu. The overflow crashes the application and causes a denial of service. The primary impact is loss of availability for the affected system, with potential cascading effects if the application provides critical monitoring functions. The flaw corresponds to CWE-120, a buffer copy without checking the destination buffer size.

Affected Systems

The vulnerability exists in SysGauge version 4.5.18 released by Sysgauge. Only installations running that exact version are affected; other versions have not been reported to contain this specific buffer overflow.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity, and the EPSS score is not available, suggesting limited data on exploitation frequency. The flaw is local in nature and is not listed in the CISA KEV catalog, implying that it is not currently being actively exploited in the wild. However, the lack of remote access does not mitigate the risk if an attacker gains local access to an unprotected workstation. Overall risk remains moderate; timely patching is the most effective countermeasure.

Generated by OpenCVE AI on April 30, 2026 at 13:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Obtain and install a patched or newer version of SysGauge that resolves the buffer overflow.
  • If a patch is unavailable, disable the proxy configuration feature or restrict access to the Options menu for untrusted users.
  • Monitor system logs and application crash reports to detect any incidents and respond promptly.

Generated by OpenCVE AI on April 30, 2026 at 13:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 01 May 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 30 Apr 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Sysgauge
Sysgauge sysgauge
Vendors & Products Sysgauge
Sysgauge sysgauge

Wed, 29 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Description SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers can inject a large payload through the Proxy Server Host Name field in the Options menu to crash the application.
Title SysGauge 4.5.18 Local Denial of Service via Proxy Configuration
First Time appeared Flexense
Flexense sysgauge
Weaknesses CWE-120
CPEs cpe:2.3:a:flexense:sysgauge:4.5.18:*:*:*:*:*:*:*
Vendors & Products Flexense
Flexense sysgauge
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Flexense Sysgauge
Sysgauge Sysgauge
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-01T16:38:58.218Z

Reserved: 2026-04-29T12:23:47.646Z

Link: CVE-2018-25313

cve-icon Vulnrichment

Updated: 2026-05-01T16:38:53.041Z

cve-icon NVD

Status : Deferred

Published: 2026-04-29T20:16:27.043

Modified: 2026-04-30T15:44:48.290

Link: CVE-2018-25313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T14:00:22Z

Weaknesses