SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XNsasoft Spotauditor
APPNsasoft5.2.6
Related vulnerabilities
SpotAuditor 5.3.2 contains a local buffer overflow vulnerability in the Base64 Encrypted Password tool that al...
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that...
SpotAuditor 5.3.1.0 contains a denial of service vulnerability that allows unauthenticated attackers to crash ...
SpotAuditor 5.3.2 contains a denial of service vulnerability in its Base64 decryption feature that allows atta...
An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes ...