Description
LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Update
AI Analysis

Impact

LanHelper 1.74 contains a local buffer overflow that is triggered when an attacker submits an excessively long string into the Message text field of the Form Send Message feature. The overflow causes the application to crash, resulting in a denial of service. The weakness is classified as an out-of-bounds write (CWE-787). The impact is limited to the application itself and the service it provides, without compromising data confidentiality or integrity.

Affected Systems

The vulnerability affects the Hainsoft LanHelper product, specifically version 1.74. No other versions are reported to be impacted.

Risk and Exploitability

The CVSS score of 6.9 classifies this flaw as medium severity. Exploitation requires local or in-network access to the LanHelper application and does not appear to be remotely exploitable. The EPSS score is below 1% (very low) and the flaw is not listed in the CISA KEV catalog, indicating that it is not widely exploited. Nonetheless, repeated crashes can disrupt service availability and cause user frustration.

Generated by OpenCVE AI on April 5, 2026 at 23:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the Hainsoft website or support channels for a new release or patch.
  • If a patch is not yet available, restrict the maximum length of messages allowed by the Form Send Message feature to prevent overflow.
  • Monitor LanHelper logs for repeated crashes and consider disabling the Form Send Message feature until a fix is released.
  • Ensure that only trusted users can access the Form Send Message functionality to limit potential local abuse.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 18:30:00 +0000

Type | Values Removed | Values Added
CPEs | | cpe:2.3:a:hainsoft:lanhelper:*:*:*:*:*:*:*:*

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Hainsoft; Hainsoft lanhelper
Vendors & Products | | Hainsoft; Hainsoft lanhelper

Mon, 06 Apr 2026 20:00:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | LanHelper 1.74 contains a local buffer overflow vulnerability that allows attackers to crash the application by sending excessively long input strings. Attackers can exploit the Form Send Message feature by pasting 6000 bytes of data into the Message text field to trigger a denial of service condition.
Title | | LanHelper 1.74 Denial of Service via Buffer Overflow
Weaknesses | | CWE-787
References | |
Metrics | | cvssV3_1 {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:02:53.763Z

Reserved: 2026-04-05T12:46:38.867Z

Link: CVE-2019-25660

Vulnrichment

Updated: 2026-04-06T17:59:23.386Z

NVD

Status: Analyzed

Published: 2026-04-05T21:16:42.877

Modified: 2026-04-20T18:15:27.010

Link: CVE-2019-25660

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:56:17Z