CVE-2019-25653

Summary

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.

Affected Software

VendorProductVersion RangeStatus
NavicatNavicat for Oracle12.1.15affected

Weaknesses

  • CWE-620: Unverified Password Change

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References