Description
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash.
Published: 2026-03-21
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

This vulnerability arises when a user enters an unusually long string (1000 characters in the reported case) in the Port field of RealTerm Serial Terminal 2.0.0.70, causing the application to crash. The root cause is a lack of proper input validation on that field; it is inferred to be a buffer overflow or similar error, and the record classifies it as CWE-1260. The crash results in a denial of service with no direct impact on data confidentiality or integrity.

Affected Systems

The affected product is RealTerm Serial Terminal version 2.0.0.70 from the Realterm vendor. No other referenced versions or products are identified as vulnerable in the supplied data.

Risk and Exploitability

The CVSS score of 6.8 indicates moderate severity, and the EPSS score of under 1% shows a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires local access: the attacker must run the program and supply the malformed input. Thus the risk is moderate, the attack vector is local, and the impact is limited to crashing the application rather than broader system compromise.

Generated by OpenCVE AI on March 24, 2026 at 21:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest available RealTerm version (e.g., 2.0.0.71 or newer) from the official website.
  • If a patch is not yet available, restrict the execution of RealTerm to trusted users or implement application whitelisting to prevent unauthorized use.
  • Monitor for unexpected crashes and apply newer releases as soon as they become available.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Crun; Crun realterm
CPEs | | cpe:2.3:a:crun:realterm:2.0.0.70:*:*:*:*:*:*:*
Vendors & Products | | Crun; Crun realterm

Mon, 23 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Realterm; Realterm realterm: Serial Terminal
Vendors & Products | | Realterm; Realterm realterm: Serial Terminal

Sat, 21 Mar 2026 13:00:00 +0000

Type | Values Removed | Values Added
Description | | RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash.
Title | | RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field
Weaknesses | | CWE-1260
References | |
Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
Metrics | | cvssV4_0: {'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-24T15:15:17.526Z

Reserved: 2026-03-21T12:36:58.050Z

Link: CVE-2019-25570

Vulnrichment

Updated: 2026-03-24T14:01:22.655Z

NVD

Status: Analyzed

Published: 2026-03-21T13:16:20.833

Modified: 2026-03-24T20:42:41.733

Link: CVE-2019-25570

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:47:13Z

Weaknesses