CVE-2019-25572

Summary

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash.

Affected Software

VendorProductVersion RangeStatus
NordvpnNordVPN6.19.6affected

Weaknesses

  • CWE-1260: Improper Handling of Overlap Between Protected Memory Ranges

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References