CVE-2018-25238

VSCO 1.1.1.0 Denial of Service via Search

CVSS 6.9 MEDIUM · EPSS 0.2% · CWE-1260
In short

VSCO 1.1.1.0 crashes when users search for extremely long text strings. An attacker can paste 5000+ characters into the search box to freeze or crash the app.

Technical detail

A local denial of service vulnerability exists in VSCO 1.1.1.0's search functionality due to improper input validation on search queries. An unauthenticated local attacker can trigger an application crash by submitting an excessively long string (5000+ characters) through the search bar and navigating back, causing a buffer overflow or resource exhaustion condition.

Summary generated and translated by AI from the official description.
VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
vsco · VSCO