← back
CVE-2018-25227

Valentina Studio 9.0.4 Denial of Service via Host Parameter

CVSS 6.9 MEDIUMEPSS 0.2%CWE-466
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during server connection attempts.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Valentina-Db · Valentina Studio
public PoCs found1
cve_referencewww.exploit-db.com/exploits/46421unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://valentina-db.com/en/https://valentina-db.com/en/developer/database/download-valentina-database-adkhttps://www.exploit-db.com/exploits/46421https://www.vulncheck.com/advisories/valentina-studio-denial-of-service-via-host-parameter