CVE-2019-25434

EUVD-2019-19612
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting excessive data in the registration name field. Attackers can enter a large string of characters (5000 bytes or more) in the name field during registration to trigger an unhandled exception that crashes the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
nsasoftspotauditor
𝑥
≤ 5.3.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.nsauditor.com
https://www.exploit-db.com/exploits/47494
https://www.vulncheck.com/advisories/spotauditor-denial-of-service-via-registration-name-field