Description
SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
Published: 2026-03-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows a local attacker to crash the application by submitting an excessively long string. The attacker can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked. Based on the description, it is inferred that the attacker would need local access to the machine running the application in order to supply the long input, so the vulnerability is not exploitable remotely. The result of the crash is loss of availability for any user attempting to use the registration feature, thereby disrupting normal application operation.

Affected Systems

The affected product is SpotPaltalk version 1.1.5, developed by Nsauditor. No other versions are listed as affected, so the impact is confined to this specific release.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity. No EPSS score is provided, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector is local, requiring the attacker to have access to the host running the application. Because the exploit involves only the input of a long string, the likelihood of exploitation on systems exposed to untrusted users could be relatively high, though it does not represent a remote threat.

Generated by OpenCVE AI on March 21, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install a vendor‑provided patch when it becomes available
  • If no patch or upgrade is available, disable the registration feature or uninstall SpotPaltalk until an update is released
  • Monitor the vendor’s website and the references listed above for new advisories or fix releases

Generated by OpenCVE AI on March 21, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Nsasoft
Nsasoft spotpaltalk
CPEs cpe:2.3:a:nsasoft:spotpaltalk:1.1.5:*:*:*:*:*:*:*
Vendors & Products Nsasoft
Nsasoft spotpaltalk

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Nsauditor
Nsauditor spotpaltalk
Vendors & Products Nsauditor
Nsauditor spotpaltalk

Sat, 21 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description SpotPaltalk 1.1.5 contains a denial of service vulnerability in the registration code input field that allows local attackers to crash the application by submitting an excessively long string. Attackers can paste a buffer of 1000 characters into the Name/Key field during registration to trigger a crash when the OK button is clicked.
Title SpotPaltalk 1.1.5 Name/Key Field Denial of Service
Weaknesses CWE-1260
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nsasoft Spotpaltalk
Nsauditor Spotpaltalk
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:23:09.891Z

Reserved: 2026-03-21T12:29:55.973Z

Link: CVE-2019-25559

cve-icon Vulnrichment

Updated: 2026-03-23T16:23:06.874Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-21T13:16:18.777

Modified: 2026-04-16T17:59:31.790

Link: CVE-2019-25559

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:47:24Z

Weaknesses