CVE-2019-25599
Received Received - Intake
Denial of Service in Backup Key Recovery 2.2.4 via Name Field Overflow

Publication date: 2026-03-22

Last updated on: 2026-03-22

Assigner: VulnCheck

Description
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-22
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25599
EUVD
EUVD-2019-19940
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nsauditor backup_key_recovery 2.2.4
nsauditor backup_key_recovery to 2.2.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-466 A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25599 is a denial of service (DoS) vulnerability in Backup Key Recovery version 2.2.4 and earlier. It occurs because the application does not properly handle an excessively long string input in the Name field during user registration.

Local attackers can exploit this by pasting a string of 300 or more characters into the Name field, which causes the application to crash when the registration form is submitted.

This crash happens due to a pointer value being returned outside the expected range, which is a form of improper input validation or buffer handling.

Impact Analysis

This vulnerability can impact you by causing the Backup Key Recovery application to crash, resulting in a denial of service condition.

Since the attack requires local access but no privileges or user interaction, an attacker with local access can disrupt the availability of the application.

The impact is specifically on availability, meaning legitimate users may be unable to use the application while it is crashed.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the affected Backup Key Recovery application version 2.2.4 or earlier.'}, {'type': 'paragraph', 'content': 'A practical detection method involves creating an input string of 300 or more characters and pasting it into the Name field during the registration process of the application. If the application crashes upon submission, the vulnerability is present.'}, {'type': 'list_item', 'content': 'Create a file named "backup.txt" containing 300 "A" characters (e.g., using a command like `python -c "print(\'A\'*300)" > backup.txt`).'}, {'type': 'list_item', 'content': 'Open the file and copy its contents to the clipboard.'}, {'type': 'list_item', 'content': 'Launch the Backup Key Recovery application and select the Register option.'}, {'type': 'list_item', 'content': 'Paste the clipboard content into the Name field and enter any value in the Key field.'}, {'type': 'list_item', 'content': 'Submit the form and observe if the application crashes, indicating the vulnerability.'}] [1, 2]

Mitigation Strategies

To mitigate this vulnerability immediately, avoid allowing untrusted or excessively long input in the Name field during registration.

Restrict local access to the Backup Key Recovery application to trusted users only, since the attack requires local access.

Monitor and control user input lengths to ensure they do not exceed safe limits (less than 300 characters) in the Name field.

Consider applying any available patches or updates from the vendor once released.

If possible, run the application with least privilege to limit the impact of a crash.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25599. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart