Description
SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code fields to trigger a denial of service condition.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer overflow
Action: Assess Impact
AI Analysis

Impact

The vulnerability is a buffer overflow in SQL Server Password Changer 1.90 that allows a local attacker to supply an oversized payload—6000 bytes—to the User Name and Registration Code fields, causing the application to crash and trigger a denial of service condition. The weakness matches CWE-787, a buffer copy without proper bounds checking.

Affected Systems

The issue affects the application Top-Password: SQL Server Password Changer, specifically version 1.90.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity; the EPSS score of less than 1% suggests low current exploitation probability. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Exploitation requires local access to the vulnerable application, and successful exploitation results in a denial of service rather than escalation of privileges or data breach.

Generated by OpenCVE AI on March 17, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website or security advisories for an update or patch for SQL Server Password Changer 1.90.
  • If a patch is unavailable, restrict local access to the application or remove the software from the system.


Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Top Password Software; Top Password Software sql Server Password Changer
Vendors & Products | | Top Password Software; Top Password Software sql Server Password Changer

Wed, 11 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 18:45:00 +0000

Type | Values Removed | Values Added
Description | | SQL Server Password Changer 1.90 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload. Attackers can inject 6000 bytes of data into the User Name and Registration Code fields to trigger a denial of service condition.
Title | | SQL Server Password Changer 1.90 Denial of Service Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T19:31:02.062Z

Reserved: 2026-02-23T12:12:40.875Z

Link: CVE-2019-25475

Vulnrichment

Updated: 2026-03-11T19:22:48.821Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T19:16:01.413

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25475

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:45Z

Weaknesses