Sicam Siapp Sdk
CVE-2026-25572
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
AnalysisAI
Stack overflow in SICAM SIAPP SDK versions prior to 2.1.7 allows local attackers to crash the server component by submitting oversized input that bypasses length validation, resulting in denial of service. The vulnerability stems from missing input length checks on certain variables processed by the SDK server. No patch is currently available for affected installations.
Technical ContextAI
has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables before use. This could allow an attacker to send an oversized input that could trigger a stack overflow crashing the process and potentially causing denial of service.
RemediationAI
Monitor vendor advisories for a patch.
More in Sicam Siapp Sdk
View allCommand injection in SICAM SIAPP SDK versions prior to 2.1.7 allows unauthenticated local attackers to manipulate shell
Insufficient input validation in SICAM SIAPP SDK versions prior to V2.1.7 enables stack overflow attacks, permitting loc
Out-of-bounds write vulnerability in SICAM SIAPP SDK versions prior to V2.1.7 allows local attackers to corrupt memory a
Unvalidated file path handling in SICAM SIAPP SDK versions below 2.1.7 permits local attackers to delete arbitrary files
Stack overflow in SICAM SIAPP SDK versions below 2.1.7 results from missing input length validation on client-side varia
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today