CVE-2019-25570

RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field

CVSS 6.8 MEDIUM | EPSS 0.2% | CWE-1260
In short

RealTerm Serial Terminal 2.0.0.70 crashes when a user enters an extremely long string in the Port field. An attacker can cause the application to stop working by pasting over 1000 characters there and clicking the open button.

Technical detail

A buffer overflow or insufficient input validation in the Port field parsing allows local attackers to cause a denial of service by supplying an excessively long string (>1000 characters). The crash is triggered when the open button is clicked and does not require elevated privileges.

Summary generated and translated by AI from the official description.
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
