{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3137", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-24T17:29:19.374Z", "datePublished": "2026-02-25T00:32:07.501Z", "dateUpdated": "2026-02-27T17:31:16.374Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T00:32:07.501Z"}, "title": "CodeAstro Food Ordering System food_ordering.exe stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "CodeAstro", "product": "Food Ordering System", "versions": [{"version": "1.0", "status": "affected"}], "cpes": ["cpe:2.3:a:codeastro:food_ordering_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-24T18:34:27.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "RuqiZhang (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347631", "name": "VDB-347631 | CodeAstro Food Ordering System food_ordering.exe stack-based overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347631", "name": "VDB-347631 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758512", "name": "Submit #758512 | codeastro Food Ordering System V1.0 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/910biter/cve/issues/3", "tags": ["exploit", "issue-tracking"]}, {"url": "https://codeastro.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T17:31:09.509837Z", "id": "CVE-2026-3137", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T17:31:16.374Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3137", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T17:31:09.509837Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T17:31:12.884Z"}}], "cna": {"title": "CodeAstro Food Ordering System food_ordering.exe stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "RuqiZhang (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:codeastro:food_ordering_system:*:*:*:*:*:*:*:*"], "vendor": "CodeAstro", "product": "Food Ordering System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-24T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-24T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-24T18:34:27.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.347631", "name": "VDB-347631 | CodeAstro Food Ordering System food_ordering.exe stack-based overflow", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.347631", "name": "VDB-347631 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758512", "name": "Submit #758512 | codeastro Food Ordering System V1.0 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/910biter/cve/issues/3", "tags": ["exploit", "issue-tracking"]}, {"url": "https://codeastro.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T00:32:07.501Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3137", "state": "PUBLISHED", "dateUpdated": "2026-02-27T17:31:16.374Z", "dateReserved": "2026-02-24T17:29:19.374Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-25T00:32:07.501Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:codeastro:food_ordering_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4F5B0733-BE5F-4A41-B33A-5173D233BED0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used."}, {"lang": "es", "value": "Se ha descubierto una vulnerabilidad de seguridad en CodeAstro Food Ordering System 1.0 que afecta una funci\u00f3n desconocida del archivo food_ordering.exe. Si se manipula se provoca un desbordamiento de b\u00fafer basado en pila. El ataque solo puede ser realizado desde un entorno local. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-3137", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-25T01:16:09.537", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://codeastro.com/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/910biter/cve/issues/3"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347631"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347631"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758512"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Food Ordering System", "source": "cna", "vendor": "CodeAstro"}, "product": "food_ordering_system", "vendor": "codeastro"}], "analysis": {"en": {"generated_at": "2026-04-16T16:18:38.528373+00:00", "value": {"mitigation_remediation": ["Apply the vendor-released patch for CodeAstro Food Ordering System 1.0 once it becomes available to eliminate the buffer overflow flaw.", "Configure the application to run with the minimum necessary privileges and enforce strict local access controls, thereby limiting the potential damage a local attacker could cause.", "Deploy operating\u2011system level memory protection mechanisms such as stack canaries, ASLR, or DEP to mitigate the effects of any remaining or undiscovered buffer overflow vulnerabilities."], "summary": {"action": "Assess Impact", "impact": "Stack-Based Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Affected vendors and products are CodeAstro\u2019s Food Ordering System, specifically version 1.0. No other versions or editions are listed as vulnerable in the available CNA data.", "description_and_impact": "The vulnerability exists in CodeAstro Food Ordering System version 1.0, affecting an unknown function within the food_ordering.exe executable. Triggering the flaw results in a stack-based buffer overflow, which can corrupt adjacent memory and potentially allow an attacker to alter program flow or execute arbitrary code. The official description notes that the exploit is only viable from a local environment, meaning that any user with local access to the machine running the application can attempt the attack. Presence of this flaw may lead to application crashes, loss of service, or compromise of the host upon successful exploitation.", "risk_and_exploitability": "The CVSS base score for this issue is 4.8, indicating moderate severity. The EPSS score is less than 1 percent, suggesting a low likelihood of exploitation in the wild at the time of analysis. The vulnerability is not included in the CISA KEV catalogue. The attack vector is inferred to be local, as the description explicitly states that the exploit can only be performed from a local environment. Given the lack of acknowledged remote execution capability, the impact is confined to systems with local user or process privileges. No public proof\u2011of\u2011concept exploits or zero\u2011day usage is reported beyond the initial disclosure."}}}}, "created": "2026-02-25T11:35:19.500604+00:00", "updated": "2026-04-16T16:30:15.926468+00:00", "vendors": ["codeastro", "codeastro$PRODUCT$food_ordering_system"]}