CRITICAL🇵🇱 Wersja polska

CVE-2025-29365

CVSS 9.8v3.1pub. 2025-08-22upd. 2025-10-01

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in READ_STRING_SYSCALL.

🤖 AI Analysis
How it works

The vulnerability results from improper handling of the READ_STRING system call in the SPIM simulator – the read_input function does not properly verify the length of the read string, leading to writing beyond buffer boundaries (out-of-bounds write, CWE-787) and reading beyond boundaries (out-of-bounds read, CWE-125). CWE-120 classification indicates lack of control over the size of copied string, while CWE-274 suggests improper permission management in this context. An attacker can provide crafted input data to the simulator, triggering buffer overflow on the stack or heap.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code (RCE) in the context of the simulator process, as well as cause application crash (denial of service) or read sensitive data from the process memory.

Mitigation & patch

Patches available from the manufacturer should be applied according to references. In case of missing official updates, it is recommended to not expose the SPIM simulator to untrusted users and to monitor inputs passed to the simulator process.

Who is affected

spimsimulator SPIM version 9.1.24 and all earlier versions

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Spimsimulator Spim

    APP
    Spimsimulator
    ≤ 9.1.24
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-29364MEDIUM6.5ten sam produkt

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL s...