Description
Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.
Published: 2026-04-26
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

Bome Restorator 1793 contains a buffer overflow vulnerability in the Name field that allows local attackers to crash the application by supplying an excessively long string exceeding 4000 bytes. The overflow results in an application crash, causing a denial of service that affects the ability of users to edit or manage projects through Restorator. The weakness is identified as CWE‑120, reflecting an unbounded buffer copy that can be leveraged by an attacker with access to the local system.

Affected Systems

The affected product is Bome Restorator version 1793. No other versions or updates are listed as affected, so organizations using this specific build of Restorator should verify their installations and check for any newer releases from Bome that may have fixed the issue.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, while the EPSS score of less than 1% indicates a very low estimated probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, which is consistent with limited current exploitation activity. Because the attack vector is local, an attacker needs to be able to execute a program on the affected machine; however, once the buffer overflow is triggered, the application simply terminates, making it an easy-to-exploit denial of service if an attacker is present on the system.

Generated by OpenCVE AI on April 28, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Bome's official download page for an updated Restorator release that contains a fix for the buffer overflow and install it immediately.
  • If a patch is not available, consider disabling or removing the Name field functionality, or restricting the maximum input length if such configuration options exist; otherwise, avoid running Restorator on systems that remain vulnerable.
  • Run Restorator under a restricted user account with limited privileges to reduce the impact of an accidental crash, and monitor system logs for unexplained restarts that may indicate an attempt to trigger the buffer overflow.
  • Apply standard input validation best practices by ensuring that any third‑party plugins or scripts interacting with Restorator enforce strict length checks on the Name field to prevent accidental overflow.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 20:15:00 +0000

Type: First Time appeared
Values Removed:
Values Added: Bome; Bome restorator

Type: Vendors & Products
Values Removed:
Values Added: Bome; Bome restorator

Mon, 27 Apr 2026 14:15:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 26 Apr 2026 13:30:00 +0000

Type: Description
Values Removed:
Values Added: Bome Restorator 1793 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can create a malicious payload exceeding 4000 bytes and paste it into the Name input field to trigger an application crash and denial of service.

Type: Title
Values Removed:
Values Added: Bome Restorator 1793 Denial of Service via Buffer Overflow

Type: Weaknesses
Values Removed:
Values Added: CWE-120

Type: References
Values Removed:
Values Added:

Type: Metrics
Values Removed:
Values Added:
cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-27T13:30:58.887Z

Reserved: 2026-04-26T13:10:38.705Z

Link: CVE-2018-25292

Vulnrichment

Updated: 2026-04-27T13:09:32.163Z

NVD

Status: Deferred

Published: 2026-04-26T22:17:30.507

Modified: 2026-04-27T18:53:00.053

Link: CVE-2018-25292

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T05:15:22Z

Weaknesses