CVE-2019-25548

BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.bluestacks.com	Product
https://www.exploit-db.com/exploits/46893	Exploit VDB Entry
https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*

History

16 Apr 2026, 17:52

Type	Values Removed	Values Added
CPE		cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:::::::*
Summary		(es) BlueStacks 4.80.0.1060 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al enviar una entrada de tamaño excesivo al campo de búsqueda. Los atacantes pueden pegar un búfer de 100.000 caracteres 'A' en el campo de búsqueda y activar una operación de búsqueda para hacer que la aplicación se bloquee.
References	~~() https://www.bluestacks.com -~~	() https://www.bluestacks.com - Product
References	~~() https://www.exploit-db.com/exploits/46893 -~~	() https://www.exploit-db.com/exploits/46893 - Exploit, VDB Entry
References	~~() https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field -~~	() https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field - Third Party Advisory
First Time		Bluestacks Bluestacks bluestacks

21 Mar 2026, 13:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-21 13:16

Updated : 2026-04-16 17:52

NVD link : CVE-2019-25548

Mitre link : CVE-2019-25548

CVE.ORG link : CVE-2019-25548

JSON object : View

Products Affected

bluestacks

bluestacks

CWE

CWE-466

Return of Pointer Value Outside of Expected Range

{"id": "CVE-2019-25548", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-21T13:16:16.753", "references": [{"url": "https://www.bluestacks.com", "tags": ["Product"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/46893", "tags": ["Exploit", "VDB Entry"], "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/bluestacks-denial-of-service-via-search-field", "tags": ["Third Party Advisory"], "source": "disclosure@vulncheck.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-466"}]}], "descriptions": [{"lang": "en", "value": "BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash."}, {"lang": "es", "value": "BlueStacks 4.80.0.1060 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al enviar una entrada de tama\u00f1o excesivo al campo de b\u00fasqueda. Los atacantes pueden pegar un b\u00fafer de 100.000 caracteres 'A' en el campo de b\u00fasqueda y activar una operaci\u00f3n de b\u00fasqueda para hacer que la aplicaci\u00f3n se bloquee."}], "lastModified": "2026-04-16T17:52:18.590", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8663920-DF15-4168-88E5-040BC758921F"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@vulncheck.com"}