CVE-2019-25593
BaseFortify
Publication date: 2026-03-22
Last updated on: 2026-03-23
Assigner: VulnCheck
| CWE ID | Description |
|---|---|
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25593 is a denial of service vulnerability in jetCast Server version 2.0. It occurs because the application does not properly validate the length of input supplied in the Log directory configuration field.
A local attacker can supply an excessively long string (specifically, a buffer of 5000 characters) into this Log directory field. When the server process is started with this input, it causes a buffer overflow that crashes the application, terminating the server process.
How can this vulnerability impact me?
This vulnerability can cause the jetCast Server application to crash, resulting in a denial of service condition.
An attacker with local access can exploit this by inputting a very long string into the Log directory configuration, causing the server to terminate unexpectedly.
The impact is that the service provided by the jetCast Server becomes unavailable until it is restarted, potentially disrupting operations that depend on it.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the crash condition on the jetCast Server 2.0 application by supplying an excessively long string in the Log directory configuration field.
- Run the provided Python script `jetCast_Server_2.0.py` to generate a test input file.
- Open the generated file `jetCast.txt` and copy its contents (a 5000-character string).
- Launch the jetCast Server application.
- Navigate to the "Config" menu.
- Paste the copied 5000-character string into the "Log directory" field.
- Click "Ok" and then "Start" to initiate the server.

If the application crashes or terminates unexpectedly, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of excessively long strings in the Log directory configuration field of jetCast Server 2.0.
Restrict local user access to the jetCast Server configuration to prevent attackers from supplying malicious input.
Monitor the application for crashes and restart the server if it terminates unexpectedly.
Consider applying any available patches or updates from the vendor once released.