Description
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a buffer overflow in the Server field of the Network settings of RarmaRadio. By entering a string longer than 4000 bytes through the Settings menu, a local user can trigger a crash of the application, leading to a denial of service condition. The weakness corresponds to a classic out‑of‑bounds write (CWE‑787) that compromises application integrity and availability.

Affected Systems

Affected vendors and products include Raimersoft’s RarmaRadio, specifically version 2.72.3. No other versions or vendors are listed as affected, so the impact is limited to installations running that exact build.

Risk and Exploitability

The CVSS score for this flaw is 6.9, indicating moderate severity. The EPSS score is below 1%, and the vulnerability is not currently listed in CISA’s KEV catalog, suggesting limited exploitation risk at this time. Exploitation requires local access to the device, as the attacker must use the Settings interface. Because the vector is local and the impact is an application crash, the risk is bounded to the local user or compromised machine. The overall threat level is moderate, but users should still apply remediation when available.

Generated by OpenCVE AI on March 24, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RarmaRadio to the latest released version that resolves the buffer overflow problem.
  • If a newer version is not yet released, contact Raimersoft for a patch or official guidance.
  • Prevent local users from entering data into the Server field of the Settings menu until the vulnerability is patched.
  • Monitor application logs for crash events and investigate any anomalous behavior promptly.

Generated by OpenCVE AI on March 24, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:raimersoft:rarmaradio:2.72.3:*:*:*:*:*:*:*

Mon, 23 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Raimersoft
Raimersoft rarmaradio
Vendors & Products Raimersoft
Raimersoft rarmaradio

Sun, 22 Mar 2026 00:30:00 +0000

Type Values Removed Values Added
Description RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.
Title RarmaRadio 2.72.3 Server Field Buffer Overflow Denial of Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Raimersoft Rarmaradio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:35:29.035Z

Reserved: 2026-03-21T16:45:02.941Z

Link: CVE-2019-25584

cve-icon Vulnrichment

Updated: 2026-03-23T15:35:25.598Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T01:16:56.310

Modified: 2026-03-24T14:50:52.377

Link: CVE-2019-25584

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:55Z

Weaknesses