Description
Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.
Published: 2026-04-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

The vulnerability is a denial‑of‑service flaw in Eco Search 1.0.2.0 that arises when the search feature accepts an overly long input string. Exhausting the application’s buffer crashes the process, making the application unavailable until it is restarted.

Affected Systems

Affected product is Eco Search, version 1.0.2.0, from vendor EcoSearch. No additional versions or products are listed as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate risk. No EPSS score is available, and the vulnerability is not cataloged in CISA’s KEV. Attackers must have local access to submit the long search string; the flaw exploits an input‑validation weakness, so exploitation requires the target to be running the application. The impact is limited to service availability for local users, but can affect business continuity if the application is critical.

Generated by OpenCVE AI on April 4, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check EcoSearch vendor website for an updated version that includes the fix.
  • Upgrade Eco Search to the latest available version if an update exists.
  • If an update is not available, consider implementing input size limits on the search field or disabling the search feature until a patch is available.
  • Monitor vulnerability databases and advisories for patch releases and apply them promptly.

Generated by OpenCVE AI on April 4, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Ecosearch
Ecosearch eco Search
Vendors & Products Ecosearch
Ecosearch eco Search

Mon, 06 Apr 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 04 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
References

Sat, 04 Apr 2026 16:15:00 +0000

Type Values Removed Values Added
Description Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation. Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.
Title Microsoft Eco Search 1.0.2.0 Denial of Service Eco Search 1.0.2.0 Denial of Service

Sat, 04 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Microsoft Eco Search 1.0.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar and trigger a crash by initiating a search operation.
Title Microsoft Eco Search 1.0.2.0 Denial of Service
Weaknesses CWE-1312
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Ecosearch Eco Search
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:02:54.185Z

Reserved: 2026-04-04T13:18:51.100Z

Link: CVE-2018-25244

cve-icon Vulnrichment

Updated: 2026-04-06T17:59:45.461Z

cve-icon NVD

Status : Deferred

Published: 2026-04-04T14:16:20.160

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25244

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:57:43Z

Weaknesses