Description
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.
Published: 2026-03-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via stack-based buffer overflow
Action: Apply Patch
AI Analysis

Impact

A stack-based buffer overflow occurs in the Echo Port field of the RealTerm Serial Terminal application. A local user can paste an input made of 268 bytes of padding followed by SEH overwrite values, which corrupts the structured exception handler (SEH) chain and crashes the program. The flaw does not provide code execution; its principal consequence is that the application becomes unavailable to anyone who opens it.

Affected Systems

The vulnerability is limited to the Serial Terminal product from Realterm, specifically version 2.0.0.70. No other releases or vendors appear to be affected.

Risk and Exploitability

The issue scores 6.9 on the CVSS scale, reflecting Medium severity. Its EPSS exploitation likelihood is reported to be below one percent, and it is not listed in the Known Exploited Vulnerabilities (KEV) catalog. Exploitation requires local interaction with the application's input field, and a working exploit is documented in publicly accessible exploit collections. The combination of limited impact and low exploitation probability keeps overall risk moderate, though the local nature of the attack means that any user with access to the application should consider addressing it promptly.

Generated by OpenCVE AI on March 24, 2026 at 21:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest RealTerm release that fixes the buffer‑overflow issue.
  • If an upgrade cannot be performed immediately, avoid using the Echo Port feature or uninstall the application until a patch is available.



Advisories

No advisories yet.

History

Tue, 24 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Crun; Crun realterm
CPEs | | cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:*
Vendors & Products | | Crun; Crun realterm

Tue, 24 Mar 2026 02:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Realterm; Realterm realterm: Serial Terminal
Vendors & Products | | Realterm; Realterm realterm: Serial Terminal

Sat, 21 Mar 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.
Title | | RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T20:09:18.372Z

Reserved: 2026-03-21T12:36:51.381Z

Link: CVE-2019-25569

Vulnrichment

Updated: 2026-03-23T20:08:55.739Z

NVD

Status: Analyzed

Published: 2026-03-21T13:16:20.653

Modified: 2026-03-24T20:43:05.600

Link: CVE-2019-25569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:14Z

Weaknesses