CVE-2019-25602

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/47026
https://www.microsoft.com/store/productId/9NDTMZKLC693
https://www.vulncheck.com/advisories/gsearch-denial-of-service-via-search-input

Configurations

No configuration.

History

16 Apr 2026, 16:19

Type	Values Removed	Values Added
Summary		(es) GSearch 1.0.1.0 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al introducir una cadena excesivamente larga en la barra de búsqueda. Los atacantes pueden pegar un búfer de 2000 caracteres en el campo de búsqueda, hacer clic en buscar, y seleccionar cualquier resultado para provocar un bloqueo de la aplicación.

22 Mar 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-22 14:16

Updated : 2026-04-16 16:19

NVD link : CVE-2019-25602

Mitre link : CVE-2019-25602

CVE.ORG link : CVE-2019-25602

JSON object : View

Products Affected

No product.

CWE

CWE-1260

Improper Handling of Overlap Between Protected Memory Ranges

{"id": "CVE-2019-25602", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "disclosure@vulncheck.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-22T14:16:27.710", "references": [{"url": "https://www.exploit-db.com/exploits/47026", "source": "disclosure@vulncheck.com"}, {"url": "https://www.microsoft.com/store/productId/9NDTMZKLC693", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/gsearch-denial-of-service-via-search-input", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-1260"}]}], "descriptions": [{"lang": "en", "value": "GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash."}, {"lang": "es", "value": "GSearch 1.0.1.0 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al introducir una cadena excesivamente larga en la barra de b\u00fasqueda. Los atacantes pueden pegar un b\u00fafer de 2000 caracteres en el campo de b\u00fasqueda, hacer clic en buscar, y seleccionar cualquier resultado para provocar un bloqueo de la aplicaci\u00f3n."}], "lastModified": "2026-04-16T16:19:50.757", "sourceIdentifier": "disclosure@vulncheck.com"}