Description
BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
Published: 2026-04-12
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

BlueAuditor 1.7.2.0 contains a buffer overflow in the registration key field that can be triggered by an attacker who submits an oversized key. The overflow causes the application to crash during registration processing, resulting in a denial of service. This flaw does not allow code execution or privilege escalation; it only disrupts availability for legitimate users.

Affected Systems

The affected product is BlueAuditor by NSauditor, specifically version 1.7.2.0. No other versions or variants are listed as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity for a local denial of service. The risk is limited to users with local access capable of submitting registration keys. No EPSS score or KEV listing is available, so widespread exploitation has not been confirmed. Attackers require local access and the flaw does not provide code execution or privilege escalation, but it can cause significant downtime for the impacted system.

Generated by OpenCVE AI on April 12, 2026 at 13:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to a non‑vulnerable release of BlueAuditor.
  • Verify that the registration key field enforces proper length checks or input validation.

Generated by OpenCVE AI on April 12, 2026 at 13:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Nsasoft
Nsasoft blueauditor
CPEs cpe:2.3:a:nsasoft:blueauditor:1.7.2.0:*:*:*:*:*:*:*
Vendors & Products Nsasoft
Nsasoft blueauditor

Mon, 13 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Nsauditor
Nsauditor blueauditor
Vendors & Products Nsauditor
Nsauditor blueauditor

Sun, 12 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Description BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.
Title BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Nsasoft Blueauditor
Nsauditor Blueauditor
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T18:16:09.521Z

Reserved: 2026-04-12T12:20:29.815Z

Link: CVE-2019-25712

cve-icon Vulnrichment

Updated: 2026-04-13T15:50:14.160Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T13:16:34.457

Modified: 2026-04-17T14:07:18.670

Link: CVE-2019-25712

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:54:07Z

Weaknesses