CVE-2019-25570

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions RealTerm Serial Terminal version 2.0.0.70

Description A denial of service issue exists in RealTerm Serial Terminal version 2.0.0.70 that allows local attackers to crash the application. This occurs by providing an excessively long string in the Port field. Specifically, pasting a buffer of 1000 characters into the Port input field and clicking the open button triggers the crash. The affected API endpoint is the port opening function.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid entering excessively long strings (over 1000 characters) into the Port field.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1260

Related Identifiers

CVE-2019-25570

Affected Products

Realterm: Serial Terminal

CVE-2019-25570

Weakness Enumeration

Related Identifiers

Affected Products

References · 5