CVE-2019-25572

NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

CVSS 6.9 MEDIUMEPSS 0.2%CWE-1260

In short

NordVPN 6.19.6 crashes when you paste an extremely long text (100,000+ characters) into the email field during login. This allows someone with access to the computer to make the app stop working.

Technical detail

A buffer overflow vulnerability in the email input field allows local attackers to cause a denial of service by submitting an excessively long string exceeding the allocated buffer size. The attack requires local access and user interaction to paste malicious input into the login form, resulting in application crash.

Summary generated and translated by AI from the official description.

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected products

Nordvpn · NordVPN

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe https://nordvpn.com/https://www.exploit-db.com/exploits/46343 https://www.vulncheck.com/advisories/nordvpn-denial-of-service-via-email-field-buffer-overflow