Description
TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.
Published: 2026-04-05
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

TaskInfo application version 8.2.0.280 contains a local buffer overflow that allows an attacker to crash the program by entering oversized strings into the New User Name or New Serial Number fields of the registration dialog. This overflow results in a denial of service by terminating the application, but does not provide remote code execution or data exfiltration capabilities. The weakness is classed as a Heap or Stack-based Buffer Overflow (CWE-787).

Affected Systems

The vulnerability affects the Iarsn TaskInfo product, specifically version 8.2.0.280. No other product versions or vendors are listed as affected in the available data.

Risk and Exploitability

The CVSS score of 6.9 reflects a moderate to high impact risk. EPSS information is not provided, and the vulnerability is not present in the CISA KEV catalog. It is a local vulnerability; an attacker must have access to the machine to supply long input through the graphical user interface. Exploitation requires no special authentication beyond local user privileges, and the attack vector is inferred from the description to be local.

Generated by OpenCVE AI on April 5, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest TaskInfo patch or upgrade to a non‑vulnerable version as provided by Iarsn.
  • Verify the update by checking version information and ensuring the update package is from a trusted source.
  • If a patch is unavailable, restrict the length of input in the New User Name and New Serial Number fields through configuration or by disabling the registration dialog until remediation is applied.

Generated by OpenCVE AI on April 5, 2026 at 23:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 20 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:iarsn:taskinfo:*:*:*:*:*:*:*:*

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Iarsn
Iarsn taskinfo
Vendors & Products Iarsn
Iarsn taskinfo

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 05 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
Description TaskInfo 8.2.0.280 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to registration fields. Attackers can paste excessively long strings into the New User Name or New Serial Number textboxes in the Help menu's registration dialog to trigger a denial of service condition.
Title TaskInfo 8.2.0.280 Denial of Service Buffer Overflow
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Iarsn Taskinfo
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-06T16:11:38.489Z

Reserved: 2026-04-05T13:04:41.418Z

Link: CVE-2019-25667

cve-icon Vulnrichment

Updated: 2026-04-06T16:11:21.961Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-05T21:16:44.077

Modified: 2026-04-20T18:04:26.890

Link: CVE-2019-25667

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:48:41Z

Weaknesses