Vulnerability Description
Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import functionality to cause the program to consume excessive system resources and crash.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://nmap.org/dist/nmap-7.70-setup.exe
- https://www.exploit-db.com/exploits/45357
- https://www.vulncheck.com/advisories/nmap-denial-of-service-via-xml-entity-expan
FAQ
What is CVE-2018-25282?
CVE-2018-25282 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a cr...
How severe is CVE-2018-25282?
CVE-2018-25282 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-25282?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.