Description
Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
Published: 2026-03-22
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

Backup Key Recovery version 2.2.4 contains a buffer overflow in the Name field that allows a local attacker to crash the application. By submitting a string of 300 or more characters during registration, an attacker can force the program to terminate unexpectedly, interrupting service for legitimate users. The vulnerability is an example of improper input validation and results in a denial of service.

Affected Systems

The affected product is Nsauditor Backup Key Recovery, specifically version 2.2.4. No other versions or vendors are listed. The issue is limited to this product.

Risk and Exploitability

The vulnerability has a Medium CVSS score of 6.9, reflecting a high potential impact on availability. Exploit probability data is not available, and the vulnerability is not listed in the CISA KEV catalog. Attackers must have local access to the system to exploit the flaw, suggesting that insider access or compromised credentials are required. Because the flaw can be triggered by an administrator‑level user, the risk to environments where such users exist is significant.

Generated by OpenCVE AI on March 22, 2026 at 14:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor’s website for an updated version of Backup Key Recovery or a security patch that addresses the input length validation.
  • Install any available patch immediately.
  • If a patch is not yet released, modify the application or system configuration to restrict the length of names entered during registration to fewer than 300 characters.
  • Monitor the application logs for crash events and ensure the service is restarted automatically if it becomes unavailable.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 02:30:00 +0000

Values added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 23 Mar 2026 10:00:00 +0000

Values added (none removed):

  • First Time appeared: Nsauditor; Nsauditor backup Key Recovery
  • Vendors & Products: Nsauditor; Nsauditor backup Key Recovery

Sun, 22 Mar 2026 13:45:00 +0000

Values added (none removed):

  • Description: Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.
  • Title: Backup Key Recovery 2.2.4 Denial of Service via Name Field
  • Weaknesses: CWE-466
  • References:
  • Metrics: cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
  • Metrics: cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-23T19:18:35.676Z

Reserved: 2026-03-22T12:59:29.746Z

Link: CVE-2019-25599

Vulnrichment

Updated: 2026-03-23T19:18:25.496Z

NVD

Status: Deferred

Published: 2026-03-22T14:16:27.160

Modified: 2026-04-16T16:19:50.757

Link: CVE-2019-25599

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T14:46:17Z

Weaknesses