Description
jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.
Published: 2026-03-22
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Fix
AI Analysis

Impact

JetCast Server 2.0 contains a flaw that allows an attacker to cause the server to crash by entering an excessively long string into the Log directory configuration field. The input field accepts a buffer of 5000 characters, and after the user clicks Start, the application terminates the server process, resulting in a loss of service for all clients that rely on the server. The weakness is a type of buffer overrun that is represented by CWE‑1285 and results in a denial of service without compromising data confidentiality or integrity.

Affected Systems

The affected product is Jetaudio’s jetCast Server version 2.0. Information from the vendor’s CPE entry confirms that the vulnerability applies to this specific major version, and no other versions or products are listed as impacted in the CNA data.

Risk and Exploitability

The CVSS score of 6.8 places the vulnerability in the medium severity range. The exploit probability is not documented, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. The likely attack vector is local, as the description specifies that local attackers can supply the long string. If an attacker has local access with permission to modify the Log directory setting, the crash can be triggered quickly, causing an immediate service outage until the server is restarted or patched.

Generated by OpenCVE AI on March 22, 2026 at 14:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a newer release of jetCast Server. If no patch is yet available, reconfigure the server to use a significantly shorter Log directory value or disable the Log directory feature if possible. Restrict local user privileges so that only trusted administrators can modify the Log directory configuration. Continuously monitor system logs and the server process to detect crashes and restore service promptly.

Generated by OpenCVE AI on March 22, 2026 at 14:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 02:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Jetaudio jetcast Server
Vendors & Products Jetaudio jetcast Server

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description jetCast Server 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Log directory configuration field. Attackers can paste a buffer of 5000 characters into the Log directory input, then click Start to trigger a crash that terminates the server process.
Title jetCast Server 2.0 Denial of Service via Log Directory
First Time appeared Jetaudio
Jetaudio jetaudio
Weaknesses CWE-1285
CPEs cpe:2.3:a:jetaudio:jetaudio:2.0:*:*:*:*:*:*:*
Vendors & Products Jetaudio
Jetaudio jetaudio
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Jetaudio Jetaudio Jetcast Server
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T19:25:09.947Z

Reserved: 2026-03-22T12:54:16.465Z

Link: CVE-2019-25593

cve-icon Vulnrichment

Updated: 2026-03-23T19:24:58.144Z

cve-icon NVD

Status : Deferred

Published: 2026-03-22T14:16:26.027

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25593

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:23Z

Weaknesses