Description
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.
Published: 2026-04-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local code execution
Action: Immediate Patch
AI Analysis

Impact

Echo Mirage 3.1 contains a stack buffer overflow that allows a local attacker to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. The flaw permits overwriting a return address, enabling the attacker to run malicious code under the application's privileges. The weakness is classified as CWE-787, and this instance is a typical stack-based buffer overflow; it can lead to full compromise of the machine on which Echo Mirage runs.

Affected Systems

The affected product is Echo Mirage 3.1 from Sourceforge. All installations of this version are vulnerable, as the CNA data does not restrict the vulnerability to a narrower set of releases. Any system running Echo Mirage 3.1 and allowing local users to interact with the Rules dialog is at risk.

Risk and Exploitability

The CVSS score of 8.6 indicates a high-severity vulnerability. No EPSS score is available and the issue is not listed in the CISA KEV catalog, but exploitation requires only local access. The likely attack vector is a local user who creates a malicious text file, copies its contents into the Rules action field via the dialog, and triggers the buffer overflow to overwrite the return address. Once the overflow is triggered, the attacker gains control over the application process and potentially the entire system.

Generated by OpenCVE AI on April 12, 2026 at 13:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available patch or upgrade to a newer Echo Mirage release.
  • If no patch exists, remove or disable the Echo Mirage application from the system.
  • Restrict local user accounts that can run Echo Mirage by adjusting permissions or implementing role-based controls.
  • Monitor system logs and application activity for signs of abnormal behavior that may indicate exploitation attempts.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 19:30:00 +0000

Values Added (no Values Removed):
First Time appeared: Interference-security; Interference-security echo Mirage
CPEs: cpe:2.3:a:interference-security:echo_mirage:3.1:*:*:*:*:*:*:*
Vendors & Products: Interference-security; Interference-security echo Mirage

Mon, 13 Apr 2026 16:15:00 +0000

Values Added (no Values Removed):
Metrics:
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 13 Apr 2026 13:00:00 +0000

Values Added (no Values Removed):
First Time appeared: Sourceforge; Sourceforge echo Mirage
Vendors & Products: Sourceforge; Sourceforge echo Mirage

Sun, 12 Apr 2026 12:45:00 +0000

Values Added (no Values Removed):
Description: Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action field. Attackers can create a malicious text file with a crafted payload exceeding buffer boundaries and paste it into the action field through the Rules dialog to trigger the overflow and overwrite the return address.
Title: Echo Mirage 3.1 Stack Buffer Overflow via Rules Action Field
Weaknesses: CWE-787
References:
Metrics:
  cvssV3_1: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T15:30:51.755Z

Reserved: 2026-04-05T15:39:09.009Z

Link: CVE-2019-25705

Vulnrichment

Updated: 2026-04-13T15:30:22.268Z

NVD

Status: Analyzed

Published: 2026-04-12T13:16:33.303

Modified: 2026-04-17T19:16:50.120

Link: CVE-2019-25705

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-13T12:55:52Z

Weaknesses