Description
RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

RarmaRadio 2.72.3 includes a flaw in the Username field that accepts an excessively long input. Submitting a 5000‑byte buffer through Settings → Network triggers a crash, causing the application to terminate. The failure results in a loss of availability for users of the affected instance, but does not compromise confidentiality or integrity.

Affected Systems

The vulnerability affects the Raimersoft RarmaRadio application, specifically version 2.72.3 deployed on user systems. No other versions or products are listed as affected.

Risk and Exploitability

The CVSS base score is 6.9, indicating moderate severity. The EPSS score is below 1%, suggesting low likelihood of exploitation in the wild. The issue is not present in the CISA KEV catalog. Attackers would need local access to the machine to enter the Settings interface and provide the oversized input; remote exploitation is not supported by the available information.

Generated by OpenCVE AI on March 24, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update RarmaRadio to a patched version that addresses the Username field buffer issue.
  • Verify the installation after the upgrade to confirm the crash no longer occurs.

Generated by OpenCVE AI on March 24, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:raimersoft:rarmaradio:2.72.3:*:*:*:*:*:*:*

Mon, 23 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Raimersoft
Raimersoft rarmaradio
Vendors & Products Raimersoft
Raimersoft rarmaradio

Sun, 22 Mar 2026 00:30:00 +0000

Type Values Removed Values Added
Description RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buffer of 5000 bytes into the Username field via Settings > Network to trigger an application crash.
Title RarmaRadio 2.72.3 Username Field Denial of Service
Weaknesses CWE-1282
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Raimersoft Rarmaradio
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T16:17:56.229Z

Reserved: 2026-03-21T16:41:58.490Z

Link: CVE-2019-25583

cve-icon Vulnrichment

Updated: 2026-03-23T16:17:51.311Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T01:16:56.110

Modified: 2026-03-24T14:51:47.690

Link: CVE-2019-25583

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:56Z

Weaknesses