CVE-2019-25660 | THREATINT

Description

LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.

PUBLISHED Reserved 2026-04-05 | Published 2026-04-05 | Updated 2026-04-06 | Assigner VulnCheck

MEDIUM: 6.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Out-of-bounds Write

Product status

1.74

affected

Credits

Rafael Pedrero finder

References

www.exploit-db.com/exploits/46295 (ExploitDB-46295) exploit

www.hainsoft.com/ (Official Product Homepage) product

www.vulncheck.com/...r-denial-of-service-via-buffer-overflow (VulnCheck Advisory: LanHelper 1.74 Denial of Service via Buffer Overflow) third-party-advisory

cve.org (CVE-2019-25660)

nvd.nist.gov (CVE-2019-25660)

Download JSON