CVE-2019-25667 — MEDIUM (6.2)

Q: How severe is CVE-2019-25667?

CVE-2019-25667 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-25667?

Check the references section above for vendor advisories and patch information. Affected products include: Iarsn Taskinfo.

Vulnerability Description

TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Iarsn	Taskinfo	<= 8.2.0.280

Related Weaknesses (CWE)

CWE-787

References

http://www.iarsn.com/Product
https://www.exploit-db.com/exploits/46314ExploitVDB Entry
https://www.vulncheck.com/advisories/taskinfo-denial-of-service-buffer-overflowThird Party Advisory

FAQ

What is CVE-2019-25667?

CVE-2019-25667 is a vulnerability with a CVSS score of 6.2 (MEDIUM). TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively lo...

How severe is CVE-2019-25667?

CVE-2019-25667 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-25667?

Check the references section above for vendor advisories and patch information. Affected products include: Iarsn Taskinfo.