CVE-2019-25551
Received Received - Intake
Denial of Service in Sandboxie 5.30 via Program Alerts Buffer Overflow

Publication date: 2026-03-21

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25551
EUVD
EUVD-2019-19850
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sandboxie-plus sandboxie 5.30
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1282 Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field.
CWE-1284 The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2019-25551 is a denial of service vulnerability in Sandboxie version 5.30 and earlier. It occurs due to a buffer overflow in the Program Alerts configuration field when a local attacker inputs an excessively long string, such as a 5000-character buffer, into the 'Select or enter a program' field. This causes the application to crash."}, {'type': 'paragraph', 'content': 'The vulnerability is classified under CWE-1282, which means that data assumed to be immutable is stored in writable memory, leading to this overflow and crash.'}] [2, 3]

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the crash condition in Sandboxie 5.30 by pasting an excessively long string (such as a 5000-character buffer) into the 'Select or enter a program' field under the 'Configure' > 'Programs Alerts' section."}, {'type': 'paragraph', 'content': "A practical detection method involves creating a file containing 5000 'A' characters and then copying its content to the clipboard to paste into the vulnerable field, which triggers the denial of service."}, {'type': 'paragraph', 'content': 'There are no specific network commands to detect this vulnerability since it is triggered locally within the application.'}, {'type': 'list_item', 'content': "Create a file named Sandboxie.txt with 5000 'A' characters (e.g., using a Python script or command line)."}, {'type': 'list_item', 'content': 'Copy the contents of Sandboxie.txt to the clipboard.'}, {'type': 'list_item', 'content': "Open Sandboxie Control, navigate to Configure > Programs Alerts, and paste the buffer into the 'Select or enter a program' field."}, {'type': 'paragraph', 'content': 'If the application crashes, the vulnerability is present.'}] [2, 3]

Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include avoiding the use of the 'Select or enter a program' field in the Programs Alerts configuration with excessively long input strings."}, {'type': 'paragraph', 'content': 'Restrict local user access to Sandboxie configuration to prevent attackers from supplying maliciously long strings.'}, {'type': 'paragraph', 'content': 'Monitor for updates or patches from Sandboxie that address this denial of service vulnerability and apply them as soon as they become available.'}, {'type': 'paragraph', 'content': 'As a temporary workaround, educate users and administrators not to paste or enter very long strings into the Program Alerts configuration fields.'}] [3]

Impact Analysis

This vulnerability allows a local attacker to crash the Sandboxie application by supplying an excessively long string in the Program Alerts configuration field. The impact is a denial of service, meaning the application becomes unavailable or stops functioning properly.

Since the attack requires local access and no privileges or user interaction, it can disrupt availability of Sandboxie for legitimate users, potentially interrupting workflows or security measures relying on Sandboxie.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25551. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart