CVE-2019-25602
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-03-22

Last updated on: 2026-03-23

Assigner: VulnCheck

Description
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-22
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-22
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25602
EUVD
EUVD-2019-19946
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1260 The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25602 is a denial of service vulnerability in GSearch version 1.0.1.0. It occurs because the application improperly handles an excessively long input string in the search bar.

A local attacker can paste a buffer of about 2000 characters into the search field, perform a search, and then select any search result to cause the application to crash.

Impact Analysis

This vulnerability can cause the GSearch application to crash, resulting in a denial of service condition.

An attacker with local access can disrupt the normal operation of the application by triggering this crash, potentially affecting availability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the affected GSearch application version 1.0.1.0. Specifically, you can test by inputting a long string of 2000 characters into the search bar and observing if the application crashes upon selecting any search result.'}, {'type': 'paragraph', 'content': "A practical detection method involves using the provided proof-of-concept exploit which generates a payload of 2000 'A' characters. You can create this payload using a simple script or command, then paste it into the search bar of GSearch and trigger a search."}, {'type': 'paragraph', 'content': 'For example, you can use the following Python command to generate the payload text file:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*2000)" > PoC.txt'}, {'type': 'paragraph', 'content': 'Then open the PoC.txt file, copy the content, paste it into the GSearch search input, perform a search, and select any result to check if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting local user access to the GSearch application to prevent untrusted users from inputting excessively long strings into the search bar.

Since the vulnerability requires local user interaction, limiting user privileges and educating users to avoid pasting or entering unusually long strings in the search field can reduce risk.

Additionally, monitoring for application crashes and restarting the application as needed can help maintain availability until a patch or update is available.

It is also recommended to check for any official patches or updates from the vendor addressing this issue and apply them as soon as they become available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart