Description
Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
Published: 2026-06-01
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Arm Whois 3.11 contains a buffer overflow that enables local attackers to execute arbitrary code. By crafting a malicious file with a 672‑byte offset, an attacker can overwrite the structured exception handler (nSEH and SEH pointers), allowing hijacked exception handling to launch chosen payloads. This weakness is a classic stack/heap overflow (CWE‑120) that can compromise the application and, depending on the user’s privileges, the host system. The CVSS score of 8.6 marks it as a high‑severity flaw.

Affected Systems

The vulnerability affects Armcode’s Arm Whois 3.11. No other versions or components were enumerated as susceptible, so systems running that precise version are at risk while newer releases are presumed unaffected.

Risk and Exploitability

The high CVSS score indicates a severe impact once exploited. EPSS is not reported, so the current probability of exploitation is unknown, but the flaw is local and requires the attacker to have ability to create and provide a malicious file to the victim. The attack path is straightforward: a local user supplies the crafted file, the application processes it, the overflow occurs, and the exception handler is hijacked to run attacker code. The vulnerability is not listed in KEV, suggesting no widely known public exploits yet, but its local nature still makes it dangerous if the application runs with elevated rights or is exposed to untrusted input.

Generated by OpenCVE AI on June 1, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest Arm Whois release that contains the buffer overflow fix. Check the vendor’s official update page for an available patch.
  • Limit access to Arm Whois input files by restricting file permissions to authorized users only and rejecting or sanitizing untrusted files.
  • Run Arm Whois within a sandbox or containered environment to contain any potential code execution if the application is compromised.

Generated by OpenCVE AI on June 1, 2026 at 22:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Armcode
Armcode arm Whois
Vendors & Products Armcode
Armcode arm Whois

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking.
Title Arm Whois 3.11 Buffer Overflow via ASLR Bypass
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Armcode Arm Whois
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T12:33:26.285Z

Reserved: 2026-06-01T11:50:04.770Z

Link: CVE-2018-25432

cve-icon Vulnrichment

Updated: 2026-06-02T12:33:21.830Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T22:16:16.583

Modified: 2026-06-02T14:43:49.920

Link: CVE-2018-25432

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T22:30:03Z

Weaknesses