Description
SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

SpotAuditor 3.6.7 contains a local buffer overflow in the Base64 Password Decoder component. By supplying an oversized Base64 string through the decoder interface, an attacker can cause the application to crash, leading to a denial of service condition. The vulnerability is classified as CWE-787 (Out-of-bounds Write): the overflow can corrupt memory and destabilize the process.

Affected Systems

The affected product is SpotAuditor version 3.6.7 by Nsauditor. No other versions or vendors are listed in the CNA data for this vulnerability. The product is accessed locally, and the risk applies to instances running SpotAuditor 3.6.7 on any supported operating system.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate impact. EPSS data is not provided and the vulnerability is not listed in the CISA KEV catalog. Attackers require local access to supply the oversized Base64 string via the decoder interface. Once triggered, the crash reduces availability of the affected application. The absence of remote code execution keeps the severity from rising further, but repeated crashes could be leveraged in a denial-of-service attack. Because the attack vector is local, the issue is most relevant to users who run SpotAuditor on potentially privileged systems.

Generated by OpenCVE AI on April 5, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the vendor website for an updated SpotAuditor release that fixes the decoder bug and install it immediately.
  • If no patch is available, reconfigure the application to disable or restrict access to the Base64 decoder component.
  • Restart the SpotAuditor service after applying any changes to ensure it is running a non-vulnerable instance.
  • Enable application logging and monitor for unexpected crashes or failures that could indicate attempted exploitation.
  • Consider isolating SpotAuditor in a container or virtual machine with limited privileges to reduce the impact of a crash.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 18:15:00 +0000

  CPEs: cpe:2.3:a:nsasoft:spotauditor:*:*:*:*:*:*:*:*

Tue, 07 Apr 2026 00:00:00 +0000

  Values added:
    First Time appeared: Nsauditor; Nsauditor spotauditor
    Vendors & Products: Nsauditor; Nsauditor spotauditor

Mon, 06 Apr 2026 20:00:00 +0000

  Values added:
    Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

  Values added:
    Description: SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.
    Title: SpotAuditor 3.6.7 Denial of Service Buffer Overflow
    First Time appeared: Nsasoft; Nsasoft spotauditor
    Weaknesses: CWE-787
    CPEs: cpe:2.3:a:nsasoft:spotauditor:3.6.7:*:*:*:*:*:*:*
    Vendors & Products: Nsasoft; Nsasoft spotauditor
    References:
    Metrics (cvssV3_1): {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
    Metrics (cvssV4_0): {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T18:02:53.635Z

Reserved: 2026-04-05T13:04:28.354Z

Link: CVE-2019-25666

Vulnrichment

Updated: 2026-04-06T17:59:16.394Z

NVD

Status: Analyzed

Published: 2026-04-05T21:16:43.907

Modified: 2026-04-20T18:05:57.330

Link: CVE-2019-25666

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:48:42Z

Weaknesses