CRITICAL🇵🇱 Wersja polska

CVE-2012-10058

CVSS 10.0v4.0pub. 2025-08-13upd. 2026-04-15

RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.

🤖 AI Analysis
How it works

The vulnerability results from unsafe use of the sprintf() function when logging invalid HTTP requests. An attacker sends a specially crafted HTTP request with an appropriately constructed URI, causing a stack-based buffer overflow. As a result, it is possible to overwrite the function's return address and take control of the program's execution flow. Exploitation occurs in the context of the web server process.

Impact

An attacker can execute arbitrary code (RCE) in the context of the web server process without any authentication. In practice, this can lead to complete takeover of the system running the vulnerable application.

Mitigation & patch

Apply patches available from the vendor according to the references. It is recommended to check the availability of a newer version of the application at the vendor's address and restrict network access to the vulnerable HTTP server using a firewall to trusted IP addresses.

Who is affected

RabidHamster R4 version 1.25

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEMemory
CWE
References