CVE-2018-25240

Watchr 1.1.0.0 Denial of Service via Search

CVSS 6.9 MEDIUM · EPSS 0.1% · CWE-1260
In short

Watchr 1.1.0.0 crashes when users search for extremely long text strings. An attacker can paste over 8,000 characters into the search box to make the app stop working.

Technical detail

A buffer overflow vulnerability in Watchr 1.1.0.0's search functionality allows local attackers to trigger a denial of service by submitting an excessively long input string (≥8145 characters). The application fails to validate input length, causing a crash when the search operation processes the oversized buffer.

Summary generated and translated by AI from the official description.
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Watchr · Watchr