Description
FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

FastTube version 1.0.1.0 contains a denial‑of‑service vulnerability that can be triggered when a user submits a search query longer than 1900 characters. The excessive string causes the application to crash, rendering it unavailable to the user initiating the request.

Affected Systems

The affected product is FastTube, version 1.0.1.0, as listed by the vendor. No other products or versions are noted.

Risk and Exploitability

The CVSS v3.1 score of 6.9 indicates a moderate‑to‑high impact. Exploitation requires local access to a device running the application, limiting the attack surface. EPSS data is not available, and the flaw is not currently listed in the CISA KEV catalog, but the moderate severity recommends that users patch promptly when an update is released.

Generated by OpenCVE AI on April 4, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update FastTube to a patched version if one is available.
  • If an update is not available, restrict local access to the application or run it in a sandboxed environment.
  • Monitor for repeated crashes and review application logs for abnormal activity.

Generated by OpenCVE AI on April 4, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Fasttube
Fasttube fasttube
Vendors & Products Fasttube
Fasttube fasttube

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
References

Sat, 04 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Description Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed. FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
Title Microsoft FastTube 1.0.1.0 Denial of Service via Search FastTube 1.0.1.0 Denial of Service via Search

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Microsoft FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed.
Title Microsoft FastTube 1.0.1.0 Denial of Service via Search
Weaknesses CWE-763
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Fasttube Fasttube
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T15:40:16.729Z

Reserved: 2026-04-04T13:18:18.956Z

Link: CVE-2018-25243

cve-icon Vulnrichment

Updated: 2026-04-06T15:40:09.319Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:19.993

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25243

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:44Z

Weaknesses