Frigate Buffer Overflow Vulnerability in Command Line Input Allows Arbitrary Code Execution

Vulnerability

A local buffer overflow vulnerability has been identified in Frigate version 3.36.0.9. The issue arises in the Command Line input field, where a local attacker can execute arbitrary code by crafting a malicious payload that overflows the buffer, bypasses Data Execution Prevention (DEP), and executes commands such as launching calc.exe.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, first disable DEP for the Frigate3.exe process. Then, open Frigate and activate the Command Line feature. A payload can be crafted using a Python script that exploits the buffer overflow vulnerability. This payload should be copied to the clipboard and pasted into the Command Line input field. Once the payload is executed, the Windows calculator application (calc.exe) will be launched, demonstrating successful exploitation.
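Because the reproduction steps above depend on DEP being turned off for Frigate3.exe, the first thing a defender will want to confirm is that DEP/NX is actually enforced for that binary on the host. The following PowerShell snippet is an added example, not part of the advisory and not code from the Frigate project; it assumes Windows 10 / Server 2016 or later with the built-in ProcessMitigations module, an elevated session, and the executable name Frigate3.exe as given on this page.

```powershell
# Added example (not from the advisory): report and optionally enforce DEP for Frigate3.exe.
# Assumptions: Windows 10+/Server 2016+, ProcessMitigations module present, run as Administrator.
param(
    [string]$ExeName = 'Frigate3.exe',   # executable name taken from the advisory
    [switch]$Enforce                     # when set, write an explicit per-image DEP=ON policy
)

# 1. System-wide NX policy from the boot configuration.
#    AlwaysOn enforces DEP for every process; OptIn only covers Windows system binaries by default,
#    which is why a per-image policy for third-party software is still worth setting.
$nxLine = bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s+(\S+)'
if ($nxLine) {
    $nxPolicy = $nxLine.Matches[0].Groups[1].Value
} else {
    $nxPolicy = 'not shown (Windows default is OptIn)'   # bcdedit omits the line when unset
}
Write-Host "System NX policy : $nxPolicy"

# 2. Per-image DEP policy stored for this executable name (Image File Execution Options).
#    Dep.Enable reports ON, OFF or NOTSET; OFF is the state the advisory's reproduction relies on.
$imagePolicy = Get-ProcessMitigation -Name $ExeName
Write-Host "Image DEP policy : $($imagePolicy.Dep.Enable)  ($ExeName)"

# 3. Effective DEP state of any running Frigate3 process, read from the live process.
$baseName = [System.IO.Path]::GetFileNameWithoutExtension($ExeName)
Get-Process -Name $baseName -ErrorAction SilentlyContinue | ForEach-Object {
    $live = Get-ProcessMitigation -Id $_.Id
    Write-Host "Running PID $($_.Id): DEP = $($live.Dep.Enable)"
}

# 4. Optional hardening: pin DEP to ON for the image so a user-level opt-out no longer applies.
#    Takes effect for processes started after the change.
if ($Enforce) {
    Set-ProcessMitigation -Name $ExeName -Enable DEP
    Write-Host "DEP enforced for $ExeName (restart the application to apply)."
}
```

Run it without switches to audit, and with `-Enforce` to set the per-image policy. A result of `OFF` in step 2 or 3 on a production workstation is worth an alert in its own right, since it matches the precondition the reproduction section describes.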

Added: Jan 30, 2026, 11:23 PM
Updated: Jan 30, 2026, 11:23 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.1
remediation: 0.0
relevance: 2.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.