CVE-2019-25551
Denial of Service in Sandboxie 5.30 via Program Alerts Buffer Overflow
Publication date: 2026-03-21
Last updated on: 2026-03-23
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sandboxie-plus | sandboxie | 5.30 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1282 | Immutable data, such as a first-stage bootloader, device identifiers, and "write-once" configuration settings are stored in writable memory that can be re-programmed or updated in the field. |
| CWE-1284 | The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25551 is a denial of service vulnerability in Sandboxie version 5.30 and earlier. It occurs due to a buffer overflow in the Program Alerts configuration field when a local attacker inputs an excessively long string, such as a 5000-character buffer, into the 'Select or enter a program' field. This causes the application to crash.
The vulnerability is classified under CWE-1282, which means that data assumed to be immutable is stored in writable memory, leading to this overflow and crash. [2, 3]
How can this vulnerability impact me?
This vulnerability allows a local attacker to crash the Sandboxie application by supplying an excessively long string in the Program Alerts configuration field. The impact is a denial of service, meaning the application becomes unavailable or stops functioning properly.
Since the attack requires local access and no privileges or user interaction, it can disrupt availability of Sandboxie for legitimate users, potentially interrupting workflows or security measures relying on Sandboxie.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition in Sandboxie 5.30 by pasting an excessively long string (such as a 5000-character buffer) into the 'Select or enter a program' field under the 'Configure' > 'Programs Alerts' section.
A practical detection method involves creating a file containing 5000 'A' characters and then copying its content to the clipboard to paste into the vulnerable field, which triggers the denial of service.
There are no specific network commands to detect this vulnerability since it is triggered locally within the application.
- Create a file named Sandboxie.txt with 5000 'A' characters (e.g., using a Python script or command line).
- Copy the contents of Sandboxie.txt to the clipboard.
- Open Sandboxie Control, navigate to Configure > Programs Alerts, and paste the buffer into the 'Select or enter a program' field.
If the application crashes, the vulnerability is present. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the 'Select or enter a program' field in the Programs Alerts configuration with excessively long input strings.
Restrict local user access to Sandboxie configuration to prevent attackers from supplying maliciously long strings.
Monitor for updates or patches from Sandboxie that address this denial of service vulnerability and apply them as soon as they become available.
As a temporary workaround, educate users and administrators not to paste or enter very long strings into the Program Alerts configuration fields. [3]