CVE-2025-29364

MEDIUM

spim < 9.1.24 - Stack-based Buffer Overflow via READ_SYSCALL and WRITE_SYSCALL Address Validation Bypass

Title source: llm

Description

spimsimulator spim v9.1.24 and before is vulnerable to Buffer Overflow in the READ_SYSCALL and WRITE_SYSCALL system calls. The application verifies the legitimacy of the starting and ending addresses for memory read/write operations. By configuring the starting and ending addresses for memory read/write to point to distinct memory segments within the virtual machine, it is possible to circumvent these checks.

References (2)

Core 2

Core References

Third Party Advisory

https://gist.github.com/Giles-one/a398e3da21ea9567970c6f0de543c3b3

Exploit

https://github.com/Giles-one/spimsimulatorEscape?tab=readme-ov-file#bug2-bypass-check-in-read_syscall-and-write_syscall-leading-to-out-of-bounds-readwrite

Scores

CVSS v3 6.5

EPSS 0.0036

EPSS Percentile 27.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (1)

spimsimulator/spim < 9.1.24

Published Aug 28, 2025

Tracked Since Feb 18, 2026