CVE-2019-25653

Navicat for Oracle 12.1.15 Password Field Denial of Service

Description

Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into the password parameter during Oracle connection configuration to trigger an application crash.

INFO

Published Date :

2026-03-30T11:02:27.002Z

Last Modified :

2026-03-30T13:53:07.017Z

Source :

VulnCheck

AFFECTED PRODUCTS

The following products are affected by CVE-2019-25653 vulnerability.

Vendors	Products
Navicat	Navicat

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2019-25653.

URL	Resource
https://www.exploit-db.com/exploits/46383
https://www.navicat.com/es/
https://www.navicat.com/es/download/navicat-for-oracle
https://www.vulncheck.com/advisories/navicat-for-oracle-password-field-denial-of-service

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact