← Retour aux CVEs
CVE-2018-25282
MEDIUM6.2
Description
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
Details CVE
Score CVSS v3.16.2
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/26/2026
Derniere modification4/27/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-674
References
https://nmap.org/dist/nmap-7.70-setup.exe(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/45357(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expansion(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.