CVE-2019-25659: ASPRunner Pro Buffer Overflow (6.0.766)
Platform: php
Component: asprunner-professional
CVE-2019-25659 is a local buffer overflow vulnerability in ASPRunner Professional. An attacker can trigger a denial of service by providing an excessively long project name during project creation, which crashes the application. The vulnerability affects version 6.0.766 of ASPRunner Professional, and as of the last update, no official patch has been released to address it.
How to fix
Upgrade to a fixed version of ASPRunner Professional. Consult the vendor's (Xlinesoft) documentation for information on available versions and upgrade steps. Avoid using version 6.0.766 until the fix is applied.
Frequently asked questions
What is CVE-2019-25659?
CVE-2019-25659 is a buffer overflow vulnerability in ASPRunner Professional 6.0.766. An attacker can cause a denial of service by entering a project name exceeding a certain length (180+ characters).
Am I affected by CVE-2019-25659?
You are likely affected if you are using ASPRunner Professional version 6.0.766. If you've upgraded to a later version, check the vendor's security advisories to confirm if the vulnerability has been addressed.
How can I fix or mitigate CVE-2019-25659?
As of the last update, no official patch is available for this vulnerability. Mitigation strategies may include restricting the length of project names entered by users or implementing input validation to prevent excessively long strings.