Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

RabidHamster R4 Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Exploited

A stack-based buffer overflow vulnerability has been identified in RabidHamster R4 version 1.25. This vulnerability arises from the unsafe use of sprintf() in the logging of malformed HTTP requests, creating an opportunity for remote attackers to execute arbitrary code within the context of the web server process.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, causing heap corruption and allowing for arbitrary code execution under the web server process's context.

Reproduction

The vulnerability can be reproduced by sending a crafted HTTP request that includes a long URI. This can be done using a tool like 'udpsz' to automate the process. The 'miniscreenshot' command can also be used to trigger the overflow, but this requires additional steps to craft the request properly.

Added: Aug 13, 2025, 10:28 PM

Updated: Aug 13, 2025, 10:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

9.1

remediation

0.0

relevance

0.4

threat

9.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

9.1

remediation

0.0

relevance

0.4

threat

9.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

RabidHamster R4 Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating