Description
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
Published: 2026-06-01
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Arm Whois 3.11 contains a stack‑based buffer overflow that allows a remote attacker to send an oversized IP address or domain string exceeding 658 bytes. The overflow overwrites the structured exception handler, enabling arbitrary code execution with the privileges of the running process. The vulnerability can be used to run shellcode, granting the attacker full control over the affected system.

Affected Systems

The affected vendor is Armcode, product Arm Whois. The vulnerability applies to version 3.11. No other versions are listed as affected.

Risk and Exploitability

The CVSS score of 9.3 signals critical severity. While EPSS is not available, the lack of KEV listing does not diminish the risk because the vulnerability permits remote exploit through normal network traffic. Attackers can craft malicious input during normal usage of Arm Whois to trigger the overflow, resulting in attacker‑controlled code execution. The exploit requires only network access to the Arm Whois service and no user interaction besides sending the payload.

Generated by OpenCVE AI on June 1, 2026 at 22:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available patch or update from Armcode.
  • Implement network segmentation or firewall rules to restrict external access to the Arm Whois service.
  • Enforce input length validation to prevent exceeding the 658‑byte limit for IP address or domain fields.

Generated by OpenCVE AI on June 1, 2026 at 22:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Armcode
Armcode arm Whois
Vendors & Products Armcode
Armcode arm Whois

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
Title Arm Whois 3.11 Buffer Overflow via SEH Overwrite
Weaknesses CWE-121
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Armcode Arm Whois
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T13:15:13.086Z

Reserved: 2026-05-31T12:54:31.247Z

Link: CVE-2018-25427

cve-icon Vulnrichment

Updated: 2026-06-02T13:15:09.337Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T22:16:14.693

Modified: 2026-06-02T14:43:49.920

Link: CVE-2018-25427

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T23:00:16Z

Weaknesses