Description
BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

BlueStacks 4.80.0.1060 contains a vulnerability that allows a local user to cause the application to crash by submitting an oversized input to the search field. The buffer overrun in the search component can be triggered by pasting 100,000 "A" characters, resulting in a denial-of-service that terminates the emulator. The issue is catalogued as CWE-466.

Affected Systems

Affected releases span a broad range of BlueStacks versions, from 3.0.0 through 4.80.0.1060, as listed in the Common Platform Enumeration data. Any installation of BlueStacks running a version within this range is vulnerable, regardless of user license or installation setting.

Risk and Exploitability

The CVSS base score of 6.9 marks this flaw as moderately severe, but the lack of an EPSS value and its absence from the CISA KEV list suggest that widespread exploitation has not yet been documented. Because the exploit requires only local access and a simple paste operation, it can be performed in shared or compromised environments where an attacker can interact with the user interface.

Generated by OpenCVE AI on March 21, 2026 at 15:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest BlueStacks release, which includes the fix for the search field overflow.
  • If a newer release is unavailable, uninstall the current version to prevent accidental crashes.
  • Verify that the search field no longer accepts unusually large input strings; consider disabling the feature if the update cannot be installed.
  • Consult BlueStacks support or the vendor's security advisory for confirmation of the patch status.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 16:15:00 +0000

Values Removed: none listed
Values Added:
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 21 Mar 2026 13:00:00 +0000

Values Removed: none listed
Values Added:
Description: BlueStacks 4.80.0.1060 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to the search field. Attackers can paste a buffer of 100,000 'A' characters into the search field and trigger a search operation to cause the application to crash.
Title: BlueStacks 4.80.0.1060 Denial of Service via Search Field
First Time appeared: Bluestacks; Bluestacks bluestacks
Weaknesses: CWE-466
CPEs:
cpe:2.3:a:bluestacks:bluestacks:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.180.10:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.190.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.200.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.205.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.210.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.210.10:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.215.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.220.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.230.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.230.10:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.230.20:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.240.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.240.15:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.240.20:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.240.30:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.250.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.260.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.270.0:*:*:*:*:*:*:*
cpe:2.3:a:bluestacks:bluestacks:4.80.0.1060:*:*:*:*:*:*:*
Vendors & Products: Bluestacks; Bluestacks bluestacks
References
Metrics: cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T15:41:46.727Z

Reserved: 2026-03-21T12:24:16.207Z

Link: CVE-2019-25548

Vulnrichment

Updated: 2026-03-23T15:41:43.512Z

NVD

Status: Awaiting Analysis

Published: 2026-03-21T13:16:16.753

Modified: 2026-03-23T14:31:37.267

Link: CVE-2019-25548

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:34Z

Weaknesses