CVE-2019-25570
Denial of Service via Buffer Overflow in RealTerm
Publication date: 2026-03-21
Last updated on: 2026-03-24
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| crun | realterm | 2.0.0.70 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1260 | The product allows address regions to overlap, which can result in the bypassing of intended memory protection. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25570 is a denial of service (DoS) vulnerability in RealTerm Serial Terminal version 2.0.0.70 and earlier. It occurs because the application improperly handles input in the Port field.
Local attackers can crash the application by entering an excessively long string, such as a buffer of 1000 characters, into the Port input field and then clicking the open button.
This vulnerability is classified under CWE-1260, which involves improper handling of overlap between protected memory ranges, leading to a buffer overflow condition that causes the application to crash.
How can this vulnerability impact me?
This vulnerability can impact you by causing the RealTerm Serial Terminal application to crash, resulting in a denial of service.
An attacker with local access can exploit this by inputting a long string into the Port field and triggering the crash, which disrupts normal use of the application.
The impact is specifically on availability, as the application becomes unusable until restarted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition locally on the system running RealTerm Serial Terminal version 2.0.0.70 or earlier.
Specifically, you can test by inputting an excessively long string (such as 1000 characters) into the Port input field of the RealTerm application and then clicking the open button. If the application crashes, the vulnerability is present.
A practical approach involves using a prepared buffer of 1000 characters (e.g., 1000 'A's) copied to the clipboard and pasted into the Port field.
For example, you can generate the buffer using a simple Python script to create a file with 1000 'A's, then copy its content to the clipboard and paste it into the Port field:
- Run a Python script to create a file with 1000 'A' characters (e.g., "PoC.txt").
- Open the file and copy its content to the clipboard.
- Paste the content into the Port input field of RealTerm.
- Click the open button and observe whether the application crashes.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid entering excessively long strings into the Port input field of RealTerm Serial Terminal.
Ensure that only trusted users have local access to the system running RealTerm, as the attack requires local user interaction.
If possible, update to a version of RealTerm that addresses this vulnerability or apply any available patches from the vendor.
As a temporary workaround, restrict user permissions or usage policies to prevent pasting or entering large inputs into the Port field.