CVE-2019-25341 | THREATINT

Description

iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash.

PUBLISHED Reserved 2026-02-12 | Published 2026-02-12 | Updated 2026-02-13 | Assigner VulnCheck

MEDIUM: 6.7CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Stack-based Buffer Overflow

Product status

8.20

affected

Credits

Ivan Marmolejo finder

References

www.exploit-db.com/exploits/47716 (ExploitDB-47716) exploit

apps.apple.com/...p/inettools-ping-dns-port-scan/id561659975 (Official App Store Page) product

www.vulncheck.com/...ettools-for-ios-whois-denial-of-service (VulnCheck Advisory: iNetTools for iOS 8.20 - 'Whois' Denial of Service) third-party-advisory

cve.org (CVE-2019-25341)

nvd.nist.gov (CVE-2019-25341)

Download JSON