Description
7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.
Published: 2026-04-04
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Application
AI Analysis

Impact

The vulnerability is a buffer‑overflow condition triggered when users submit search strings longer than 7700 characters. This leads to an application crash and renders the 7 Tik interface unavailable. The weakness is classified as CWE‑601, indicating improper handling of user‑supplied data that causes the denial of service.

Affected Systems

Only the 7 Tik product, version 1.0.1.0, is affected according to the CNA data. No other versions or products are listed as vulnerable.

Risk and Exploitability

The CVSS base score of 8.7 indicates a high severity for availability impact. No EPSS score is reported and the vulnerability is not listed in the CISA KEV catalog, implying limited known exploitation. The attack likely requires only access to the search feature, meaning a local user or anyone who can reach the application’s search endpoint can trigger the crash without special privileges.

Generated by OpenCVE AI on April 4, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade 7 Tik to the latest patched release that fixes the search‑input buffer overflow.
  • If an upgrade is not feasible, configure the application to reject search strings longer than 7700 characters or disable the search feature entirely.
  • Avoid exposing the 7 Tik application to untrusted users and monitor logs for repeated crash events.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | 7tik; 7tik 7 Tik |
| Vendors & Products | | 7tik; 7tik 7 Tik |

Mon, 06 Apr 2026 18:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Sat, 04 Apr 2026 21:15:00 +0000


Sat, 04 Apr 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash. | 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash. |
| Title | Microsoft 7 Tik 1.0.1.0 Denial of Service via Search | 7 Tik 1.0.1.0 Denial of Service via Search |

Sat, 04 Apr 2026 15:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Microsoft 7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash. |
| Title | | Microsoft 7 Tik 1.0.1.0 Denial of Service via Search |
| Weaknesses | | CWE-601 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'} |
| | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:41:49.928Z

Reserved: 2026-04-04T13:19:01.828Z

Link: CVE-2018-25245

Vulnrichment

Updated: 2026-04-06T16:41:45.663Z

NVD

Status: Deferred

Published: 2026-04-04T14:16:20.330

Modified: 2026-04-16T16:15:56.380

Link: CVE-2018-25245

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:42Z
