CVE-2019-25559
Received Received - Intake
Denial of Service via Buffer Overflow in SpotPaltalk 1.1.5 Registration

Publication date: 2026-03-21

Last updated on: 2026-04-16

Assigner: VulnCheck

Description
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-21
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-03-21
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25559
EUVD
EUVD-2019-19866
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft spotpaltalk 1.1.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1260 The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25559 is a denial of service (DoS) vulnerability in SpotPaltalk version 1.1.5. It occurs in the registration code input field called the Name/Key field. Local attackers can cause the application to crash by submitting an excessively long stringβ€”specifically, a buffer of 1000 charactersβ€”into this field during registration and then clicking the OK button.

This vulnerability is due to improper handling of input length, which leads to a buffer overflow condition that crashes the application.

Impact Analysis

The primary impact of this vulnerability is a denial of service, meaning that an attacker can crash the SpotPaltalk application on a local machine by exploiting the input field flaw.

This crash disrupts the availability of the application, potentially causing inconvenience or interruption of service for legitimate users.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the SpotPaltalk 1.1.5 application. A proof-of-concept exploit involves creating a buffer of 1000 characters and pasting it into the Name/Key registration field.'}, {'type': 'list_item', 'content': "Create a file containing 1000 'A' characters (e.g., using a Python script to generate '\\x41' * 1000)."}, {'type': 'list_item', 'content': 'Copy the contents of this file to the clipboard.'}, {'type': 'list_item', 'content': "Open SpotPaltalk, navigate to 'Register' > 'Enter Registration Code...'."}, {'type': 'list_item', 'content': 'Paste the 1000-character buffer into the Name/Key field.'}, {'type': 'list_item', 'content': 'Click the OK button and observe if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of SpotPaltalk version 1.1.5 or earlier until a patch or update is available.

Limit local user access to the application to prevent exploitation by local attackers.

Educate users not to paste or enter excessively long strings into the Name/Key registration field.

Monitor for application crashes related to the registration process as an indicator of attempted exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25559. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart