CVE-2019-25584
Received Received - Intake
Buffer Overflow in RarmaRadio 2.72.3 Causes Application Crash

Publication date: 2026-03-22

Last updated on: 2026-03-24

Assigner: VulnCheck

Description
RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a malicious payload exceeding 4000 bytes into the Server field via the Settings menu to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-24
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25584
EUVD
EUVD-2019-19910
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raimersoft rarmaradio 2.72.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25584 is a buffer overflow vulnerability in RarmaRadio version 2.72.3. It occurs in the Server field of the Network settings, where local attackers can input an excessively long stringβ€”over 4000 bytesβ€”causing the application to write data out of its intended bounds.

This out-of-bounds write leads to a crash of the application, effectively causing a denial of service condition.

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS). An attacker with local access can crash the RarmaRadio application by supplying a maliciously long string in the Server field.

This crash disrupts the normal operation of the application, potentially causing loss of service or interruption for the user.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the crash condition in the RarmaRadio application. Specifically, a proof-of-concept involves creating a text file containing 4000 'A' characters, copying this content to the clipboard, and pasting it into the Server field under Edit > Settings > Network in RarmaRadio version 2.72.3. Confirming the input by selecting OK will cause the application to crash if vulnerable."}, {'type': 'list_item', 'content': 'Create a text file named \'rarma_ser.txt\' with 4000 \'A\' characters (e.g., using a command like `python -c "print(\'A\'*4000)" > rarma_ser.txt`).'}, {'type': 'list_item', 'content': "Copy the contents of 'rarma_ser.txt' to the clipboard."}, {'type': 'list_item', 'content': 'Open RarmaRadio, navigate to Edit > Settings > Network, and paste the clipboard content into the Server field.'}, {'type': 'list_item', 'content': 'Click OK and observe if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding the input of excessively long strings (over 4000 bytes) into the Server field of the Network settings in RarmaRadio version 2.72.3. Since the vulnerability requires local access, restricting user permissions and access to the application settings can reduce risk.

Additionally, monitor for updates or patches from the vendor and apply them as soon as they become available to address this buffer overflow vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25584. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart