Description
Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.
Published: 2026-04-26
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Monitor
AI Analysis

Impact

Drive Power Manager 1.10 contains a local buffer overflow that can be triggered by entering a string longer than the expected limit in the Name field. The overflow corrupts memory and causes a crash, resulting in a denial of service. The flaw belongs to CWE‑120, a classic buffer copy error.

Affected Systems

This issue affects the Hdtune Drive Power Manager application, version 1.10, available for Windows platforms. Only the specified 1.10 release is confirmed vulnerable.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, with an EPSS score below 1 % showing a very low probability of exploitation. The vulnerability is local, requiring the attacker to have access to the machine where Drive Power Manager runs. It is not listed in the CISA KEV catalog, which further reduces its immediate threat. However, because the denial-of-service can be easily triggered by a large payload, it can be used to disrupt operations or as a vector in a larger attack chain.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for vendor‑released updates or patches for Drive Power Manager.
  • Modify the application to enforce a strict length limit on the Name field, rejecting input longer than the allowed size.
  • Restrict untrusted local users from launching or interacting with Drive Power Manager, ensuring only authorized accounts can access it.

Generated by OpenCVE AI on April 28, 2026 at 13:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Hdtune
Hdtune drive Power Manager
Vendors & Products Hdtune
Hdtune drive Power Manager

Mon, 27 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type Values Removed Values Added
Description Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a 6000-byte payload into the Name field and click Register to trigger a denial of service condition.
Title Drive Power Manager 1.10 Denial of Service via Name Field
Weaknesses CWE-120
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Hdtune Drive Power Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:08:33.585Z

Reserved: 2026-04-26T13:08:00.503Z

Link: CVE-2018-25287

cve-icon Vulnrichment

Updated: 2026-04-27T13:08:30.731Z

cve-icon NVD

Status : Deferred

Published: 2026-04-26T22:17:29.753

Modified: 2026-04-27T18:55:32.883

Link: CVE-2018-25287

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T13:30:32Z

Weaknesses