Description
Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
Published: 2026-03-10
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Uderzo Software SpaceSniffer v2.0.5.18 contains a stack‑based buffer overflow that an attacker can trigger by supplying a maliciously crafted .sns snapshot file. The flaw allows the attacker to execute arbitrary code on the victim’s system, compromising confidentiality, integrity and availability of the affected machine.

Affected Systems

Vulnerable hosts run Uderzo Software SpaceSniffer version 2.0.5.18. No other versions were reported in the advisory, and the CNA does not list additional affected releases.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS score is below 1%, and the vulnerability is not currently listed in the CISA KEV catalog, implying that exploitation is low-probability at present. The likely attack vector involves delivering a crafted .sns file to a host that has SpaceSniffer installed; this inference is based on the description that the overflow is triggered when the application processes a snapshot file. The description does not explicitly state that a user must open the file, but it is implied that the file must be processed by the application.

Generated by OpenCVE AI on April 16, 2026 at 03:57 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch or upgrade SpaceSniffer to a fixed version that addresses the buffer overflow.
  • If a patch is unavailable, limit the ability to open .sns files by removing the application from untrusted machines or restricting file permissions so only trusted personnel can create or open snapshots.
  • As a temporary safeguard, configure endpoint protection to detect and block malicious .sns files or set the application to run in a protected environment such as a sandbox.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 23:45:00 +0000


Wed, 11 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Uderzo Software; Uderzo Software spacesniffer |
| Vendors & Products | | Uderzo Software; Uderzo Software spacesniffer |

Tue, 10 Mar 2026 19:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Weaknesses | | CWE-121 |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Tue, 10 Mar 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-01T15:49:05.940Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26738

Vulnrichment

Updated: 2026-03-10T18:22:50.390Z

NVD

Status: Awaiting Analysis

Published: 2026-03-10T18:18:43.800

Modified: 2026-04-01T17:28:36.287

Link: CVE-2026-26738

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T04:00:09Z

Weaknesses