CVE-2012-4409

mcrypt < 2.6.8 - Stack-Based Buffer Overflow via Encrypted File Header

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4409. PoCs published by Tosh, _ishikawa.

AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in mcrypt <= 2.5.8 (CVE-2012-4409) by crafting a malicious encrypted file. When decrypted, it triggers arbitrary code execution via ROP chains to bypass NX and ASLR, ultimately spawning a shell.

Description

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Tosh · perl · local · linux
https://www.exploit-db.com/exploits/22928

This exploit targets a stack-based buffer overflow in mcrypt <= 2.5.8 (CVE-2012-4409) by crafting a malicious encrypted file. When decrypted, it triggers arbitrary code execution via ROP chains to bypass NX and ASLR, ultimately spawning a shell.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: mcrypt <= 2.5.8
No auth needed
Prerequisites: Vulnerable mcrypt version · Ability to deliver malicious file to target
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by _ishikawa · python · dos · linux
https://www.exploit-db.com/exploits/22938

This exploit demonstrates a stack-based buffer overflow in mcrypt <= 2.6.8 by crafting a malicious .nc file with an overly long salt value. The PoC triggers the vulnerability in the check_file_head() function during decryption, potentially leading to arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: mcrypt <= 2.6.8
No auth needed
Prerequisites: mcrypt <= 2.6.8 installed on the target system
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086519.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088281.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087542.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/09/06/4
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/51010
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1027532
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50507
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=855029

Scores

EPSS 0.5874
EPSS Percentile 98.3%

Details

CWE: CWE-119
Status: published
Products (5)
mcrypt/mcrypt 2.6.4
mcrypt/mcrypt 2.6.5
mcrypt/mcrypt 2.6.6
mcrypt/mcrypt 2.6.7
mcrypt/mcrypt < 2.6.8
Published Nov 21, 2012
Tracked Since Feb 18, 2026