Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2018-25427: Arm Whois 3.11 allows malicious input to execute code
CVE-2018-25427
Summary
The Arm Whois software has a bug that lets hackers send it too much information. This can allow them to take control of the computer running Whois. You should update to the latest version to fix this problem.
Original title
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers ...
Original description
Arm Whois 3.11 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by supplying oversized input to the IP address or domain field. Attackers can craft malicious input exceeding 658 bytes with shellcode to overwrite the structured exception handler and gain command execution when the application processes the input.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-121
Stack-based Buffer Overflow
Published: 1 Jun 2026 · Updated: 1 Jun 2026 · First seen: 1 Jun 2026