Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
CVE-2018-25356: SIPp 3.6 and earlier crashes or runs malicious code due to oversized input
CVE-2018-25356
Summary
SIPp versions 3.6 and earlier have a security flaw that can be exploited by a local attacker to crash the application or run unauthorized code. This can happen when an attacker supplies too much information to SIPp when it's running. To stay safe, update to a newer version of SIPp.
Original title
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can t...
Original description
SIPp 3.6 and earlier contains a local buffer overflow vulnerability in command-line argument handling that allows local attackers to crash the application or execute arbitrary code. Attackers can trigger the vulnerability by supplying oversized input to the -3pcc, -i, or -log_file parameters, causing strcpy to write beyond buffer boundaries in sipp.cpp.
nvd CVSS3.1
8.4
nvd CVSS4.0
8.6
Vulnerability type
CWE-120
Classic Buffer Overflow
Published: 23 May 2026 · Updated: 30 May 2026 · First seen: 26 May 2026