OSSP iSelect Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in OSSP iSelect version 1.4.0-2+b1. This vulnerability allows local attackers to execute arbitrary code by providing an oversized value to the -k or --key parameter. The exploitation involves crafting a malicious argument that includes a NOP sled, shellcode, and a return address, which overflows a 1024-byte stack buffer. As a result, attackers can gain code execution with user privileges.
Impact
Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution with user privileges.
Reproduction
The vulnerability can be reproduced by using the iSelect tool and supplying an oversized value through the -k or --key parameter. The input must be crafted to include a NOP sled, shellcode, and a return address to successfully overflow the buffer and execute the injected code.
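The defect class described above, an unbounded copy of a command-line value into a fixed 1024-byte stack buffer, shown in its vulnerable form beside a bounded form that rejects oversized keys. This is an added illustration written for this advisory, not OSSP iSelect's source; the buffer size comes from the advisory, while the function and variable names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_BUF_SIZE 1024  /* stack buffer size stated in the advisory */

/* Unsafe pattern (illustrative, not iSelect's code): the argv-supplied key
 * is copied without any length check, so a value longer than the buffer
 * overwrites adjacent stack memory, including the saved return address. */
void unsafe_set_key(const char *arg)
{
    char key[KEY_BUF_SIZE];
    strcpy(key, arg);   /* writes strlen(arg)+1 bytes regardless of size */
    (void)key;
}

/* Hardened form: the key is accepted only if it fits, including the NUL.
 * Returns true when copied, false when the value is too long. */
bool safe_set_key(const char *arg, char *out, size_t out_size)
{
    size_t len = strlen(arg);
    size_t max = out_size ? out_size - 1 : 0;
    if (len > max) {
        fprintf(stderr, "key too long: %zu bytes (max %zu)\n", len, max);
        return false;
    }
    memcpy(out, arg, len + 1);  /* copy including the terminating NUL */
    return true;
}

int main(int argc, char **argv)
{
    char key[KEY_BUF_SIZE];
    /* Minimal -k / --key parsing, enough to exercise the bounded copy. */
    for (int i = 1; i + 1 < argc; i++) {
        if (strcmp(argv[i], "-k") == 0 || strcmp(argv[i], "--key") == 0) {
            if (!safe_set_key(argv[i + 1], key, sizeof key))
                return 1;
            printf("key accepted (%zu bytes)\n", strlen(key));
            return 0;
        }
    }
    fputs("usage: -k <key> | --key <key>\n", stderr);
    return 2;
}
```

Building with `-fstack-protector-strong` and running the unsafe path under AddressSanitizer is the quickest way to confirm the overflow is detected rather than silently corrupting the stack.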
