CVE-2018-25225

HIGH 8.4

SIPP 3.3 Stack-Based Buffer Overflow via Configuration File

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

4th

SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets.

CWE	CWE-306
Vendor	sipp
Product	sipp
Published	Mar 28, 2026
Last Updated	Mar 30, 2026

Stay Ahead of the Next One

Get instant alerts for sipp sipp

Be the first to know when new high vulnerabilities affecting sipp sipp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Sipp / SIPP

3.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/45288 sipp.sourceforge.net: http://sipp.sourceforge.net/ vulncheck.com: https://www.vulncheck.com/advisories/sipp-stack-based-buffer-overflow-via-configuration-file

Credits

Juan Sacco <[email protected]> - http://exploitpack.com