CVE-2019-25660
CVE-2019-25660 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Hainsoft | Lanhelper | <= 1.74 |
References
- http://www.hainsoft.com/ (Broken Link)
- https://www.exploit-db.com/exploits/46295 (Exploit, VDB Entry)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
