Description
Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.
Published: 2026-05-25
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic stack buffer overflow in Visual Ping 0.8.0.0. By entering input larger than 4108 bytes in the Host, Time Out, Packet Size, Pause, or Loops fields, an attacker with local access to the application can force a crash, resulting in a denial of service. The flaw stems from insufficient bounds checking (CWE-120) and does not affect confidentiality or integrity, but it does interrupt the service and can be exploited by any privileged local user who can launch Visual Ping.

Affected Systems

All installations of scanwith Visual Ping version 0.8.0.0 are affected. No other versions are listed in the CNA data, so the impact is confined to that release. The product is a Windows‑based network ping utility distributed by scanwith.

Risk and Exploitability

The CVSS base score of 6.9 indicates a medium-severity local denial of service. The lack of an EPSS metric and absence from CISA KEV suggest that the vulnerability has not yet been widely exploited in the wild. Exploitation requires a local attacker with the ability to start or interact with Visual Ping, and the attacker must supply an oversized payload; there are no publicly available remote vectors or privilege escalation steps indicated in the description.

Generated by OpenCVE AI on May 25, 2026 at 15:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Uninstall or disable Visual Ping 0.8.0.0 if the functionality is not critical.
  • If the tool must remain in use, validate and truncate user input in the Host, Time Out, Packet Size, Pause, and Loops fields to no more than 4108 bytes before processing.
  • Search for an updated version of Visual Ping that removes the buffer overflow or switch to an alternative ping utility.

Advisories

No advisories yet.

History

Mon, 25 May 2026 14:30:00 +0000

Type | Values Removed | Values Added
Description | | Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigger a denial of service condition.
Title | | Visual Ping 0.8.0.0 Buffer Overflow Denial of Service
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-25T14:15:14.709Z

Reserved: 2026-05-25T13:40:20.153Z

Link: CVE-2018-25369

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-25T15:30:06Z

Weaknesses