CVE-2019-25653

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.exploit-db.com/exploits/46383	Exploit VDB Entry
https://www.navicat.com/es/	Product
https://www.navicat.com/es/download/navicat-for-oracle	Product
https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:navicat:navicat_for_oracle:*:*:*:*:*:*:*:*

History

08 Apr 2026, 16:31

Type	Values Removed	Values Added
CPE		cpe:2.3:a:navicat:navicat_for_oracle::::::::
Summary		(es) Navicat for Oracle 12.1.15 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al introducir una cadena excesivamente larga en el campo de contraseña. Los atacantes pueden pegar un búfer de 550 caracteres repetidos en el parámetro de contraseña durante la configuración de la conexión de Oracle para provocar un bloqueo de la aplicación.
First Time		Navicat navicat For Oracle Navicat
References	~~() https://www.exploit-db.com/exploits/46383 -~~	() https://www.exploit-db.com/exploits/46383 - Exploit, VDB Entry
References	~~() https://www.navicat.com/es/ -~~	() https://www.navicat.com/es/ - Product
References	~~() https://www.navicat.com/es/download/navicat-for-oracle -~~	() https://www.navicat.com/es/download/navicat-for-oracle - Product
References	~~() https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service -~~	() https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service - Third Party Advisory

30 Mar 2026, 12:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 12:16

Updated : 2026-04-08 16:31

NVD link : CVE-2019-25653

Mitre link : CVE-2019-25653

CVE.ORG link : CVE-2019-25653

JSON object : View

Products Affected

navicat

navicat_for_oracle

CWE

CWE-620

Unverified Password Change

6.2 /10