{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25598", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-22T12:59:12.654Z", "datePublished": "2026-03-22T13:38:35.133Z", "dateUpdated": "2026-03-23T16:02:51.559Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:35.133Z"}, "datePublic": "2019-04-24T00:00:00.000Z", "title": "HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow", "descriptions": [{"lang": "en", "value": "HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Heidisql", "product": "HeidiSQL Portable", "versions": [{"version": "10.1.0.5464", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46749", "name": "ExploitDB-46749", "tags": ["exploit"]}, {"url": "https://www.heidisql.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.heidisql.com/downloads/releases/HeidiSQL_10.1_64_Portable.zip", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/heidisql-portable-denial-of-service-via-buffer-overflow"}], "credits": [{"lang": "en", "value": "Victor Mondrag\u00f3n", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T16:01:37.159605Z", "id": "CVE-2019-25598", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T16:02:51.559Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow", "credits": [{"lang": "en", "type": "finder", "value": "Victor Mondrag\u00f3n"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Heidisql", "product": "HeidiSQL Portable", "versions": [{"status": "affected", "version": "10.1.0.5464"}]}], "datePublic": "2019-04-24T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46749", "name": "ExploitDB-46749", "tags": ["exploit"]}, {"url": "https://www.heidisql.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.heidisql.com/downloads/releases/HeidiSQL_10.1_64_Portable.zip", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/heidisql-portable-denial-of-service-via-buffer-overflow", "name": "VulnCheck Advisory: HeidiSQL Portable 10.1.0.5464 Denial of Service via Buffer Overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-22T13:38:35.133Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25598", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T16:01:37.159605Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-23T16:01:48.214Z"}}]}, "cveMetadata": {"cveId": "CVE-2019-25598", "state": "PUBLISHED", "dateUpdated": "2026-03-22T13:38:35.133Z", "dateReserved": "2026-03-22T12:59:12.654Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-22T13:38:35.133Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HeidiSQL Portable 10.1.0.5464 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer overflow payload into the password input during Microsoft SQL Server login to trigger an application crash."}, {"lang": "es", "value": "HeidiSQL Portable 10.1.0.5464 contiene una vulnerabilidad de denegaci\u00f3n de servicio que permite a atacantes locales bloquear la aplicaci\u00f3n al introducir una cadena excesivamente larga en el campo de la contrase\u00f1a. Los atacantes pueden pegar una carga \u00fatil de desbordamiento de b\u00fafer en la entrada de la contrase\u00f1a durante el inicio de sesi\u00f3n de Microsoft SQL Server para provocar un bloqueo de la aplicaci\u00f3n."}], "id": "CVE-2019-25598", "lastModified": "2026-04-16T16:19:50.757", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-22T14:16:26.990", "references": [{"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/46749"}, {"source": "disclosure@vulncheck.com", "url": "https://www.heidisql.com/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.heidisql.com/downloads/releases/HeidiSQL_10.1_64_Portable.zip"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/heidisql-portable-denial-of-service-via-buffer-overflow"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.1.0.5464"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "HeidiSQL Portable", "source": "cna", "vendor": "Heidisql"}, "product": "heidisql_portable", "vendor": "heidisql"}], "analysis": {"en": {"generated_at": "2026-03-22T16:05:37.175523+00:00", "value": {"mitigation_remediation": ["Update HeidiSQL Portable to the latest version available from the official website.", "Until a patch is released, avoid entering passwords longer than the maximum expected length in the Microsoft SQL Server login dialog.", "Monitor the vendor\u2019s advisory page or security mailing lists for a fix."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerable product is HeidiSQL Portable version 10.1.0.5464 provided by Heidisql. The flaw is triggered when a user opens the Microsoft SQL Server login dialog and enters a string that exceeds the expected length in the password field.", "description_and_impact": "HeidiSQL Portable 10.1.0.5464 contains a buffer overflow in the password field used for Microsoft SQL Server authentication. Supplying an excessively long password string overwrites memory, causing the application to crash. The failure only terminates the HeidiSQL process; there is no disclosure of data or compromise of the underlying operating system.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in CISA\u2019s Known Exploited Vulnerabilities catalog. Exploitation requires local access and user interaction; it is not remotely exploitable. The impact is a denial of service for the local user, with no effect on confidentiality or integrity."}}}}, "created": "2026-03-23T09:46:20.903355+00:00", "updated": "2026-03-25T14:46:18.514068+00:00", "vendors": ["heidisql", "heidisql$PRODUCT$heidisql_portable"]}