Description
Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a local buffer overflow in Terminal Services Manager 3.2.1 that can be triggered by supplying a long string to the computer name field when adding a server. This overflow causes the application to crash, resulting in a denial of service when the affected server entry is accessed. The weakness is a classic input validation flaw identified as CWE-787.

Affected Systems

The affected product is LizardSystems Terminal Services Manager, version 3.2.1. The vulnerability has not been reported in other versions, and no additional vendor or product variants are listed.

Risk and Exploitability

The CVSS score for this flaw is 6.9, indicating a moderate to high risk. EPSS data is not available, and the vulnerability is not in the CISA KEV catalog, which suggests it has not yet been widely exploited publicly. Attackers would need local access to the machine to supply the oversized string and induce the crash, so the attack vector is local. Because the impact is a denial of service rather than code execution or data exfiltration, the overall threat is limited to availability disruption for the affected application.

Generated by OpenCVE AI on March 21, 2026 at 14:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the LizardSystems website or support portal for an update that addresses the buffer overflow in Terminal Services Manager 3.2.1.
  • Apply the vendor’s patch or upgrade to a newer version once released.
  • If an update is not yet available, restrict or monitor any use of the 'Computer name or IP address' field for unusually long entries as a temporary workaround.

Generated by OpenCVE AI on March 21, 2026 at 14:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:lizardsystems:terminal_services_manager:3.2.1:*:*:*:*:*:*:*

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Lizardsystems
Lizardsystems terminal Services Manager
Vendors & Products Lizardsystems
Lizardsystems terminal Services Manager

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description Terminal Services Manager 3.2.1 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string in the computer name field. Attackers can input a 5000-byte buffer of data into the 'Computer name or IP address' field during computer addition, causing a denial of service when the server entry is accessed.
Title Terminal Services Manager 3.2.1 Local Buffer Overflow Denial of Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Lizardsystems Terminal Services Manager
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T20:22:15.804Z

Reserved: 2026-03-21T12:23:28.671Z

Link: CVE-2019-25545

cve-icon Vulnrichment

Updated: 2026-03-23T20:22:07.527Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:16.193

Modified: 2026-04-16T17:44:44.923

Link: CVE-2019-25545

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:37Z

Weaknesses