Description
NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via buffer overflow
Action: Patch
AI Analysis

Impact

A buffer overflow exists in the SNMP Auditor Community field of a specific software version. When an attacker supplies an overly long string to this field and triggers the walk operation, the application can crash. This results in a denial of service condition for users relying on the service. The weakness is a classic out‑of‑bounds write, identified by the assigned classification.

Affected Systems

Any installation of the auditing platform running the vulnerable version. The affected component is the SNMP Auditor module that processes community strings entered through its interface.

Risk and Exploitability

The vulnerability receives a 6.9 score on its severity scale, indicating moderate risk. The probability of widespread exploitation is low, with less than a one percent chance of being selected by threat actors. It is not listed in the known exploited vulnerability catalog. Local attackers who can input data into the community field can repeat the crash and disrupt service, but remote exploitation or privilege escalation is not indicated by the available information.

Generated by OpenCVE AI on March 24, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade to the latest release of the auditing platform to eliminate the buffer overflow

Generated by OpenCVE AI on March 24, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 24 Mar 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Nsasoft
Nsasoft nsauditor
CPEs cpe:2.3:a:nsasoft:nsauditor:3.1.2.0:*:*:*:*:*:*:*
Vendors & Products Nsasoft
Nsasoft nsauditor

Mon, 23 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Nsauditor
Nsauditor nsauditor
Vendors & Products Nsauditor
Nsauditor nsauditor

Sun, 22 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.
Title NSauditor 3.1.2.0 Denial of Service via Community Field
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nsasoft Nsauditor
Nsauditor Nsauditor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T13:37:29.021Z

Reserved: 2026-03-22T12:59:04.160Z

Link: CVE-2019-25597

cve-icon Vulnrichment

Updated: 2026-03-25T13:37:24.358Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-22T14:16:26.807

Modified: 2026-03-24T21:15:20.150

Link: CVE-2019-25597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:46:19Z

Weaknesses