Vulnerabilities ›

CVE-2019-25602

Medium

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer

CWE-1260 — Weakness Type

                    Published: Mar 22, 2026                      ·  Modified: Mar 24, 2026                      ·  Source: NVD                

CVSS v3

5.5

🔗 NVD Official

📄 Description (English)

GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.

🤖 AI Executive Summary

GSearch 1.0.1.0 contains a denial of service vulnerability (CVE-2019-25602) allowing local attackers to crash the application through buffer overflow via excessively long search strings. With a CVSS score of 5.5 and no available patch, this vulnerability poses a moderate risk to organizations relying on GSearch for local search functionality. The attack requires local access and user interaction, limiting its immediate threat scope but requiring mitigation strategies.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 25, 2026 10:33

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects organizations using GSearch as a local search utility, with potential impact on government agencies, educational institutions, and corporate environments in Saudi Arabia. The risk is limited to local denial of service scenarios, affecting business continuity rather than data confidentiality. Government entities under NCA oversight and organizations subject to SAMA regulations should assess GSearch usage in their infrastructure. The impact is moderate as the vulnerability requires local access and does not enable remote exploitation or data breach.

🏢 Affected Saudi Sectors

Government Education Corporate/Enterprise Healthcare Financial Services

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1561 - Disk Wipe T1529 - System Shutdown/Reboot

⚖️ Saudi Risk Score (AI)

4.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Identify all systems running GSearch 1.0.1.0 across your organization

2. Restrict access to GSearch to trusted users only

3. Implement input validation controls to limit search string length to reasonable values (e.g., 500 characters maximum)

4. Monitor application logs for repeated search failures or application crashes



Compensating Controls:

1. Deploy application whitelisting to restrict GSearch execution to authorized users

2. Implement endpoint protection with behavioral monitoring to detect application crashes

3. Use application sandboxing or containerization to isolate GSearch from critical systems

4. Establish user awareness training regarding suspicious application behavior



Detection Rules:

1. Monitor for GSearch process crashes or unexpected terminations

2. Alert on search queries exceeding 1000 characters in length

3. Track failed GSearch operations followed by application restart

4. Log all GSearch search operations for forensic analysis



Long-term:

1. Evaluate alternative search solutions with active security support

2. Plan migration away from GSearch 1.0.1.0 to a maintained alternative

3. Implement application version control and inventory management

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع الأنظمة التي تقوم بتشغيل GSearch 1.0.1.0 عبر مؤسستك

2. تقييد الوصول إلى GSearch للمستخدمين الموثوقين فقط

3. تنفيذ عناصر التحكم في التحقق من صحة المدخلات لتحديد طول سلسلة البحث بقيم معقولة (على سبيل المثال، 500 حرف كحد أقصى)

4. مراقبة سجلات التطبيق لحالات فشل البحث المتكررة أو أعطال التطبيق

عناصر التحكم التعويضية:

1. نشر قائمة بيضاء للتطبيقات لتقييد تنفيذ GSearch للمستخدمين المصرح لهم

2. تنفيذ حماية نقطة النهاية مع المراقبة السلوكية لاكتشاف أعطال التطبيق

3. استخدام عزل التطبيق أو الحاويات لعزل GSearch عن الأنظمة الحرجة

4. إنشاء تدريب الوعي بالمستخدمين بشأن سلوك التطبيق المريب

قواعد الكشف:

1. مراقبة أعطال عملية GSearch أو الإنهاء غير المتوقع

2. التنبيه على استعلامات البحث التي تتجاوز 1000 حرف في الطول

3. تتبع عمليات GSearch الفاشلة متبوعة بإعادة تشغيل التطبيق

4. تسجيل جميع عمليات بحث GSearch للتحليل الجنائي

المدى الطويل:

1. تقييم حلول البحث البديلة مع دعم الأمان النشط

2. التخطيط للهجرة بعيداً عن GSearch 1.0.1.0 إلى بديل مدعوم

3. تنفيذ التحكم في إصدار التطبيق وإدارة المخزون

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.8.1.1 - User access management A.12.2.1 - Change management procedures A.12.6.1 - Management of technical vulnerabilities

🔵 SAMA CSF

ID.RA-1 - Asset management and criticality assessment PR.IP-12 - Software development and acquisition security DE.CM-8 - Vulnerability scans

🟡 ISO 27001:2022

A.12.6.1 - Management of technical vulnerabilities A.14.2.1 - Secure development policy A.12.2.1 - Change management

🔗 References & Sources 3

🔗

https://www.exploit-db.com/exploits/47026

disclosure@vulncheck.com

🔗

https://www.microsoft.com/store/productId/9NDTMZKLC693

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/gsearch-denial-of-service-via-search-input

disclosure@vulncheck.com

📊 CVSS Score

5.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionR — Required

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score5.5

CWECWE-1260

Exploit No

Patch ✗ No

Published 2026-03-22

Source Feed nvd

🇸🇦 Saudi Risk Score

4.2

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-1260

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2019-25602

Introduce Yourself

Sign In Required