CVE-2025-66217

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-66217
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66217.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-66217
Aliases
  • GHSA-93mj-c8q3-69rg
Published
2025-11-29T01:57:52.613Z
Modified
2025-11-30T05:16:44.276286Z
Severity
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow
Details

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.

Database specific
{
    "cwe_ids": [
        "CWE-122",
        "CWE-191"
    ]
}
References

Affected packages

Git / github.com/jvde-github/ais-catcher

Affected ranges

Type
GIT
Repo
https://github.com/jvde-github/ais-catcher
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.05
0.06
0.07
0.08
0.09
0.1

Other

Edge

v0.*

v0.1
v0.10
v0.11
v0.12
v0.13
v0.14
v0.15
v0.16
v0.17
v0.18
v0.19
v0.2
v0.21
v0.22
v0.23
v0.24
v0.25
v0.26
v0.26a
v0.27
v0.27a
v0.27b
v0.28
v0.29
v0.30
v0.31
v0.32
v0.33
v0.34
v0.35
v0.35a
v0.36
v0.36a
v0.37
v0.38
v0.39
v0.40
v0.40a
v0.40b
v0.41
v0.42
v0.43
v0.44
v0.45
v0.45a
v0.45b
v0.45c
v0.45e
v0.46
v0.47
v0.48
v0.49
v0.50
v0.50b
v0.51
v0.51b
v0.52
v0.53
v0.54
v0.55
v0.56
v0.57
v0.58
v0.59
v0.60
v0.61
v0.62
v0.63

Database specific

vanir_signatures

[
    {
        "id": "CVE-2025-66217-2aba6714",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addVesselStatic"
        },
        "digest": {
            "function_hash": "125366125696850046183424964448195703387",
            "length": 1064.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-3393271e",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::post"
        },
        "digest": {
            "function_hash": "75889809779916289289596666567355838868",
            "length": 807.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-37793be0",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addVessel"
        },
        "digest": {
            "function_hash": "146058160665047177574009595742323989923",
            "length": 1987.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-39a524f4",
        "target": {
            "file": "Source/Application/Config.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-41b6e44a",
        "target": {
            "file": "Source/JSON/StringBuilder.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250030609875415495022623680417762133278",
                "169776576033361167003853332988717853883",
                "164355524818618171094564042491929088571"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-54a64569",
        "target": {
            "file": "Source/Application/DeviceManager.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-59d51f8a",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addSARposition"
        },
        "digest": {
            "function_hash": "239897965883649194621504220546072742754",
            "length": 781.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-6302dd74",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::Receive"
        },
        "digest": {
            "function_hash": "303055994340359456470782408416163772170",
            "length": 2711.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-7d373a6c",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addATON"
        },
        "digest": {
            "function_hash": "153265930687447428750664886791829776048",
            "length": 962.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-8793dd1f",
        "target": {
            "file": "Source/IO/Network.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-99394c49",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addVesselPosition"
        },
        "digest": {
            "function_hash": "139182489534425118403148607335641410700",
            "length": 833.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-a34b6261",
        "target": {
            "file": "Source/JSON/StringBuilder.cpp",
            "function": "StringBuilder::stringify"
        },
        "digest": {
            "function_hash": "119291605148778041680233290555657404150",
            "length": 468.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-c78b8168",
        "target": {
            "file": "Source/Application/Config.cpp",
            "function": "Config::setSettingsFromJSON"
        },
        "digest": {
            "function_hash": "142102067362361899424928649459473576058",
            "length": 314.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-d15c27e2",
        "target": {
            "file": "Source/Application/Config.cpp",
            "function": "Config::set"
        },
        "digest": {
            "function_hash": "170252463114892664134839215664553739103",
            "length": 2433.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-e13dfa5a",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp",
            "function": "PostgreSQL::addBasestation"
        },
        "digest": {
            "function_hash": "110758273289535614541292070869576541164",
            "length": 708.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-f27e79ca",
        "target": {
            "file": "Source/Application/DeviceManager.cpp",
            "function": "DeviceManager::printAvailableDevices"
        },
        "digest": {
            "function_hash": "6355604983762850793724160749980598797",
            "length": 784.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2025-66217-f2f3a876",
        "target": {
            "file": "Source/DBMS/PostgreSQL.cpp"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/jvde-github/ais-catcher/commit/28b7fb3bff2b2048e05c3fd170021986521ddbb9",
        "signature_version": "v1"
    }
]