CVE-2019-25599— Backup Key Recovery 2.2.4 Denial of Service via Name Field
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-25599
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Backup Key Recovery 2.2.4 Denial of Service via Name Field
Source: NVD (National Vulnerability Database)
Vulnerability Description
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在预期范围外返回指针值
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nsasoft Backup Key Recovery 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nsasoft Backup Key Recovery是美国Nsasoft公司的一款产品密钥恢复软件。 Nsasoft Backup Key Recovery 2.2.4版本存在安全漏洞,该漏洞源于Name字段存在拒绝服务漏洞,可能导致本地攻击者通过提供超长字符串使应用程序崩溃。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Nsauditor | Backup Key Recovery | 2.2.4 | - |
II. Public POCs for CVE-2019-25599
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-25599
请登录查看更多情报信息。
Same Patch Batch · Nsauditor · 2026-03-22 · 4 CVEs total
| CVE-2019-25596 | 6.2 MEDIUM | SpotAuditor 5.2.6 Name Field Denial of Service |
| CVE-2019-25597 | 6.2 MEDIUM | NSauditor 3.1.2.0 Denial of Service via Community Field |
| CVE-2019-25591 | 6.2 MEDIUM | DNSS Domain Name Search Software 2.1.8 Denial of Service |
IV. Related Vulnerabilities
Same vendor: Nsauditor
- CVE-2019-25711
SpotFTP Password Recover 2.4.2 Denial of Service via Name Fi - CVE-2019-25712
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Re - CVE-2019-25666
SpotAuditor 3.6.7 Denial of Service Buffer Overflow - CVE-2018-25213
Nsauditor 3.0.28.0 Local SEH Buffer Overflow - CVE-2019-25597
NSauditor 3.1.2.0 Denial of Service via Community Field
Same weakness: CWE-466
- CVE-2018-25234
SmartFTP Client 9.0.2615.0 Denial of Service via Host Field - CVE-2018-25227
Valentina Studio 9.0.4 Denial of Service via Host Parameter - CVE-2019-25586
Deluge 1.3.15 Denial of Service via URL Field - CVE-2019-25548
BlueStacks 4.80.0.1060 Denial of Service via Search Field - CVE-2024-33602
nscd: netgroup cache assumes NSS callback uses in-buffer str
V. Comments for CVE-2019-25599
No comments yet