CVE-2018-25232

Summary

Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characters in the Log Files Location custom path parameter to trigger a crash when the OK button is clicked.

Affected Software

VendorProductVersion RangeStatus
MessengerSoftros LAN Messenger9.2affected

Weaknesses

  • CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References