PT-2026-29009 · Navicat · Navicat For Oracle
Victor Mondragón · Published 2026-03-30 · Updated 2026-04-08
CVE-2019-25653
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Navicat for Oracle version 12.1.15
Description
Navicat for Oracle version 12.1.15 contains a denial of service issue that allows local attackers to crash the application. The crash occurs when an excessively long string is supplied in the password field during Oracle connection configuration. Specifically, pasting a buffer of 550 repeated characters into the password parameter can trigger an application crash.
Recommendations
Avoid using excessively long strings in the password parameter during Oracle connection configuration.
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Navicat For Oracle