Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively…
Watchr 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 8145 characters into the search bar and trigger a search operation to cause the application to crash.
The product allows address regions to overlap, which can result in the bypassing of intended memory protection.
https://cwe.mitre.org/data/definitions/1260.html →Open in CWE collection →An adversary inserts malicious logic into memory enabling them to achieve a negative impact. This logic is often hidden from the user of the system and works behind the scenes to achieve negative impacts. This pattern of attack focuses on systems already fielded and used in operation as opposed to systems that are still under development and part of the supply chain.
https://capec.mitre.org/data/definitions/456.html →Open in CAPEC collection →https://capec.mitre.org/data/definitions/679.html →Open in CAPEC collection →