PT-2018-19372 · Crashmail · Crashmail

Published: 2018-01-01 · Updated: 2026-03-28 · CVE-2018-25223
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Crashmail version 1.6

Description
Crashmail 1.6 contains a stack-based buffer overflow that could allow remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can build payloads with Return-Oriented Programming (ROP) chains to achieve code execution in the application's context. Unsuccessful exploitation attempts may crash the application, resulting in a denial of service.

Recommendations
Update to a newer version of Crashmail that addresses this issue. As a temporary workaround, strictly validate all input received by the application so that excessively long strings are rejected before they are processed.

Exploit · Fix · Memory Corruption


Weakness Enumeration

Related Identifiers
CVE-2018-25223

Affected Products
Crashmail