CVE-2019-25548
Received Received - Intake
Denial of Service via Oversized Input in BlueStacks Search Field

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25548
EUVD
EUVD-2019-19844
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bluestacks bluestacks 4.80.0.1060
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-466 A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2019-25548 is a denial of service (DoS) vulnerability in BlueStacks version 4.80.0.1060 and earlier. It occurs because the application improperly handles very large input submitted to its search field.'}, {'type': 'paragraph', 'content': "An attacker with local access can exploit this by pasting a buffer of 100,000 'A' characters into the search field and triggering a search operation, which causes the application to crash."}, {'type': 'paragraph', 'content': 'This vulnerability is classified under CWE-466 (Return of Pointer Value Outside of Expected Range) and results in a denial of service by crashing the BlueStacks application.'}] [1, 3]

Impact Analysis

This vulnerability can cause the BlueStacks application to crash, resulting in a denial of service.

An attacker with local access can disrupt the availability of the application by submitting an oversized input to the search field, making the application unusable until restarted.

Since the impact is on availability, it can interrupt normal use of BlueStacks, potentially affecting productivity or access to services running through the emulator.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running BlueStacks 4.80.0.1060 or earlier.'}, {'type': 'list_item', 'content': 'Create a file containing 100,000 \'A\' characters (e.g., using a Python script to generate a file named "exploit.txt" with the content "A" * 100000).'}, {'type': 'list_item', 'content': 'Copy the contents of this file to the clipboard.'}, {'type': 'list_item', 'content': 'Open the BlueStacks application.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the BlueStacks search field.'}, {'type': 'list_item', 'content': 'Trigger the search operation by clicking the search button.'}, {'type': 'paragraph', 'content': 'If the application crashes, the vulnerability is present.'}] [3]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid pasting or submitting excessively large inputs (such as buffers of 100,000 characters) into the BlueStacks search field.

Restrict local access to the BlueStacks application to trusted users only, as the attack requires local access.

Monitor for application crashes related to search operations and restart BlueStacks if necessary.

Check for updates or patches from BlueStacks that address this vulnerability and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25548. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart