{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25216", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T13:17:00.377Z", "datePublished": "2026-03-26T13:24:16.609Z", "dateUpdated": "2026-03-26T18:33:16.849Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:16.609Z"}, "datePublic": "2018-12-15T00:00:00.000Z", "title": "AnyBurn 4.3 Denial of Service Local Buffer Overflow", "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Anyburn", "product": "AnyBurn", "versions": [{"version": "4.3 (32-bit)", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46002", "name": "ExploitDB-46002", "tags": ["exploit"]}, {"url": "http://www.anyburn.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"name": "VulnCheck Advisory: AnyBurn 4.3 Denial of Service Local Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/anyburn-denial-of-service-local-buffer-overflow"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T18:33:08.487814Z", "id": "CVE-2018-25216", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:33:16.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25216", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T18:33:08.487814Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T18:33:12.667Z"}}], "cna": {"title": "AnyBurn 4.3 Denial of Service Local Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Anyburn", "product": "AnyBurn", "versions": [{"status": "affected", "version": "4.3 (32-bit)"}]}], "datePublic": "2018-12-15T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46002", "name": "ExploitDB-46002", "tags": ["exploit"]}, {"url": "http://www.anyburn.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/anyburn-denial-of-service-local-buffer-overflow", "name": "VulnCheck Advisory: AnyBurn 4.3 Denial of Service Local Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:16.609Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25216", "state": "PUBLISHED", "dateUpdated": "2026-03-26T18:33:16.849Z", "dateReserved": "2026-03-26T13:17:00.377Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T13:24:16.609Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can paste a 10000-byte payload into the 'Image file name' parameter during the 'Copy disk to Image' operation to trigger a denial of service condition."}], "id": "CVE-2018-25216", "lastModified": "2026-03-26T15:13:15.790", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-26T14:16:05.507", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.anyburn.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46002"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/anyburn-denial-of-service-local-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.3 (32-bit)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "AnyBurn", "source": "cna", "vendor": "Anyburn"}, "product": "anyburn", "vendor": "anyburn"}], "analysis": {"en": {"generated_at": "2026-03-26T15:06:11.715608+00:00", "value": {"mitigation_remediation": ["Verify your installation of AnyBurn is at or above the latest released version and apply any vendor-supplied patch or upgrade to a version that eliminates the buffer overflow. If no official patch is available, restrict local access to the AnyBurn executable to trusted users only. Avoid using the \"Copy disk to Image\" feature with unusually long filenames or disable the feature entirely. Monitor application logs for repeated crashes, and consider restarting the application or the host system to restore availability if a crash occurs."], "summary": {"action": "Apply Patch", "impact": "Local Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected product is AnyBurn version 4.3 from Anyburn. No other versions are listed in the CNA data, so the only explicitly vulnerable release is 4.3. No additional vendor or product information is supplied beyond this single version.", "description_and_impact": "This vulnerability is a local buffer overflow that occurs when AnyBurn 4.3 processes an image file name during the \"Copy disk to Image\" operation. An attacker can supply an excessively long string\u2014up to 10,000 bytes\u2014into the image file name field, causing the application to crash. The flaw is a classic CWE\u2011787 overflow that leads to a denial of service. The impact is limited to the integrity of the application\u2019s availability, not to remote control or data disclosure. The issue does not provide attacker privileges beyond the local user running the program.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, and the EPSS score is not provided, so the likelihood of exploitation is unknown. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local; an attacker needs the ability to run the AnyBurn application or otherwise supply a crafted image file name. Because the flaw causes an application crash, the consequence is restricted to service interruption and is recoverable by restarting the program. Recovery is mitigated by application restarts and system restarts. An unauthorized remote attacker would need to first gain local execution to exploit this weakness."}}}}, "created": "2026-03-27T08:34:25.848098+00:00", "updated": "2026-03-27T09:26:54.915702+00:00", "vendors": ["anyburn", "anyburn$PRODUCT$anyburn"]}