Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4DescriptionCVE.org
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash.
AnalysisAI
Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1282. Sandboxie 5.30 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Program Alerts configuration field. Attackers can paste a buffer of 5000 characters into the 'Select or enter a program' field during program alert configuration to trigger an application crash. Affected products include: Sandboxie.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershe
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high sev
An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in t
Sandbox escape with SYSTEM-level code execution in Sandboxie-Plus before 1.17.6 allows a process confined inside a sandb
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated medium s
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high sev
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high sev
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Rated high sev
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2019-19850
GHSA-2fhg-mfw9-px88