Description
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.
Published: 2026-05-25
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in Visual Ping 0.8.0.0. By entering input larger than 4108 bytes in the Host, Time Out, Packet Size, Pause, or Loops fields, an attacker with local access to the application can force it to crash, resulting in a denial of service. The flaw stems from insufficient bounds checking (CWE-120) and does not affect confidentiality or integrity, but it does interrupt the service and can be triggered by any local user who can launch Visual Ping.

Affected Systems

All installations of scanwith Visual Ping version 0.8.0.0 are affected. No other versions are listed in the CNA data, so the impact is confined to that release. The product is a Windows‑based network ping utility distributed by scanwith.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 indicates a medium-severity local denial of service. The very low EPSS score (< 1%) and absence from CISA KEV suggest that the vulnerability has not been widely exploited in the wild. Exploitation requires a local attacker with the ability to start or interact with Visual Ping, and the attacker must supply an oversized payload; the description indicates no remote vectors or privilege escalation steps.

Generated by OpenCVE AI on May 25, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall or disable Visual Ping 0.8.0.0 if the functionality is not critical.
  • If the tool must remain in use, validate and truncate user input in the Host, Time Out, Packet Size, Pause, and Loops fields to no more than 4108 bytes before processing.
  • Search for an updated version of Visual Ping that removes the buffer overflow or switch to an alternative ping utility.



Advisories

No advisories yet.

History

Tue, 26 May 2026 13:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Scanwith; Scanwith visual Ping
Vendors & Products | | Scanwith; Scanwith visual Ping

Tue, 26 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 25 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.
Title | | Visual Ping 0.8.0.0 Buffer Overflow Denial of Service
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T12:41:20.449Z

Reserved: 2026-05-25T13:40:20.153Z

Link: CVE-2018-25369

Vulnrichment

Updated: 2026-05-26T12:41:10.303Z

NVD

Status: Deferred

Published: 2026-05-25T15:16:19.723

Modified: 2026-05-26T19:47:48.987

Link: CVE-2018-25369

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T13:00:35Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')