CVE-2019-25666: SpotAuditor Buffer Overflow (3.6.7)
Platform: c
Component: spotauditor
CVE-2019-25666 is a local buffer overflow vulnerability discovered in SpotAuditor. This flaw allows an attacker to crash the application by providing an oversized Base64 string to the Base64 Password Decoder component, resulting in a denial of service. The vulnerability affects SpotAuditor version 3.6.7. No official patch has been released to address this issue.
How to fix
Update SpotAuditor to a fixed version that resolves the buffer overflow vulnerability in the Base64 password decoding component. Consult the vendor's documentation or website for information about available updates.
Frequently asked questions
What is CVE-2019-25666?
CVE-2019-25666 is a buffer overflow vulnerability in SpotAuditor's Base64 Password Decoder. It allows an attacker to crash the application by sending a specially crafted, oversized Base64 string.
Am I affected by CVE-2019-25666?
You are affected if you are running SpotAuditor version 3.6.7. Versions prior to and after this are not known to be affected.
How can I fix or mitigate CVE-2019-25666?
Currently, there is no official patch available for CVE-2019-25666. As a mitigation, consider upgrading to a newer, patched version of SpotAuditor when available, or restricting access to the decoder interface.