Description
a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash.
Published: 2026-04-05
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service via local buffer overflow
Action: Apply patch
AI Analysis

Impact

A local buffer overflow exists in the registration form of Amac: Mac Address Change version 5.4. By supplying 212 bytes of data in the 'Your Name', 'Your Company', or 'Register Code' fields, a local user can force the application to crash. The vulnerability leads to a denial of service but does not grant code execution or modify system state outside the application.

Affected Systems

The flaw affects the Mac Address Change application from Amac, specifically the 5.4 release series. No additional vendor or product details are disclosed, and version information beyond 5.4 is not provided.

Risk and Exploitability

The vulnerability receives a CVSS score of 6.8, indicating moderate severity. Exploit probability data is unavailable, and the issue is not listed as a known exploited vulnerability. Attack convergence appears limited to users with local access to the system running the application; an authenticated local attacker can trigger the crash by exploiting the oversized input. The impact is confined to application availability, with no evidence of persistence or privilege escalation.

Generated by OpenCVE AI on April 5, 2026 at 23:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-released patch or upgrade to a newer release of the Mac Address Change application.
  • If no patch is available, restrict local access to the application to trusted users or isolate the service within a controlled environment.
  • Consider restarting the application or system as a temporary workaround to restore service.

Generated by OpenCVE AI on April 5, 2026 at 23:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Amac
Amac mac Address Change
Vendors & Products Amac
Amac mac Address Change

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can paste 212 bytes of data into the 'Your Name', 'Your Company', or 'Register Code' fields and click the Register button to trigger a denial of service crash.
Title a-Mac Address Change 5.4 Local Buffer Overflow DoS
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Amac Mac Address Change
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:10:03.605Z

Reserved: 2026-04-05T12:45:25.628Z

Link: CVE-2019-25658

cve-icon Vulnrichment

Updated: 2026-04-06T18:09:58.775Z

cve-icon NVD

Status : Deferred

Published: 2026-04-05T21:16:42.530

Modified: 2026-04-16T16:15:56.380

Link: CVE-2019-25658

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:56:19Z

Weaknesses