Description
A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
Published: 2025-07-16
Score: 9.3 Critical
EPSS: 56.3% High
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

A stack‑based buffer overflow exists in Achat v0.150. The overflow occurs when an attacker sends a specially crafted message to the default UDP port 9256, causing the structured exception handler (SEH) to be overwritten due to inadequate bounds checking. This flaw permits remote code execution, allowing an attacker to run arbitrary code in the context of the running service or the operating system.

Affected Systems

The vulnerability affects the Achat Chat Server produced by Achat Software. The affected releases include version 0.150 and any builds that retain the default configuration without the overflow fix.

Risk and Exploitability

The CVSS score of 9.3 indicates high severity, and the EPSS score of 56% shows that exploitation is considered likely. The vulnerability is not listed in CISA KEV but is already documented in exploit databases. An attacker can trigger the bug by sending a crafted UDP packet to port 9256, overriding SEH and executing code remotely on the host.

Generated by OpenCVE AI on April 22, 2026 at 22:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check with Achat Software for an updated version or patch that removes the overflow in v0.150
  • If no patch is available, upgrade to a version that does not use the vulnerable default configuration
  • Restrict inbound UDP traffic on port 9256 using firewall rules or network segmentation to limit exposure
  • Monitor network logs for anomalous UDP traffic patterns that may indicate exploitation attempts

Generated by OpenCVE AI on April 22, 2026 at 22:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21744 A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
History

Thu, 17 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 21:30:00 +0000

Type Values Removed Values Added
Description A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the structured exception handler (SEH) due to insufficient bounds checking on user-supplied input leading to remote code execution.
Title Achat v0.150 SEH Buffer Overflow via UDP
Weaknesses CWE-121
CWE-94
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:47.085Z

Reserved: 2025-04-15T19:15:22.561Z

Link: CVE-2025-34127

cve-icon Vulnrichment

Updated: 2025-07-17T14:48:05.249Z

cve-icon NVD

Status : Deferred

Published: 2025-07-16T22:15:24.280

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34127

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-22T22:30:28Z

Weaknesses