Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Local vector confirmed by description; low privilege and required user interaction match overflow trigger; no integrity impact applies; scope unchanged per application boundary.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.
This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
AnalysisAI
Buffer overflow via improper null termination in Pardus Pen affects versions up to and including 4.1.5, with a fix available in 4.2.1. A local, low-privileged user who interacts with crafted input can trigger a CWE-170 null termination error causing out-of-bounds memory reads, resulting in limited confidentiality exposure and availability disruption. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local session on the target system (AV:L) with at least low-privileged account access (PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The overall real-world risk is low. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A low-privileged local user on a Pardus Linux system with Pardus Pen installed crafts a malformed input - such as a file or data stream lacking proper null termination - and triggers its processing through normal application interaction. The null termination error causes a buffer overflow, potentially leaking a small amount of adjacent memory content and crashing the application. … |
| Remediation | Upgrade Pardus Pen to version 4.2.1 or later, which resolves the improper null termination flaw. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-170 – Improper Null Termination
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41764
GHSA-hmmj-28g4-h22x