Miggo Logo
Miggo Vulnerability Database
CVE-2018-25033

CVE-2018-25033: Out-of-bounds read in admesh

8.1

CVSS Score
3.1

Basic Information

CVE ID
CVE-2018-25033
GHSA ID
GHSA-5jrq-582v-9767
EPSS Score
0.64821%
CWE
CWE-125
Published
5/9/2022
Updated
1/29/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
admeshpip< 0.98.50.98.5

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability description explicitly names stl_update_connects_remove_1 in connect.c as the location of the heap-based buffer over-read. The GitHub issue (#28) provides a crash trace showing the overflow occurs at line 831 of connect.c within this function during stl_remove_degenerate operations. While stl_remove_degenerate is part of the call chain, the primary vulnerability resides in stl_update_connects_remove_1's handling of connection data. Multiple authoritative sources (CVE, GHSA, Debian advisory) consistently identify this function as the vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

**M*s* t*rou** *.**.* **s * ***p-**s** *u***r ov*r-r*** in stl_up**t*_*onn**ts_r*mov*_* (**ll** *rom stl_r*mov*_****n*r*t*) in *onn**t.* in li***m*s*.*.

Reasoning

T** vuln*r**ility **s*ription *xpli*itly n*m*s stl_up**t*_*onn**ts_r*mov*_* in *onn**t.* *s t** lo**tion o* t** ***p-**s** *u***r ov*r-r***. T** *it*u* issu* (#**) provi**s * *r*s* tr*** s*owin* t** ov*r*low o**urs *t lin* *** o* *onn**t.* wit*in t*i