HeidiSQL Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in HeidiSQL version 9.5.0.5196. It allows a local attacker to crash the application by entering an excessively long file path in the logging preferences: the SQL log file path field does not bound the length of its input, so an overlong value acts as a buffer-overflow payload and crashes the application.
Impact
Exploitation of this vulnerability leads to a crash of the HeidiSQL application, causing a denial-of-service condition.
Reproduction
To reproduce this vulnerability, open HeidiSQL and navigate to 'Preferences' > 'Logging'. Select the option to write the SQL log to a file and paste a long file path into the SQL log file path field. Click 'OK' to save the changes, which will cause the application to crash.
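The root cause described above is an unbounded string taken from a preferences dialog and handed to file-handling code. The following is an added example, not HeidiSQL's code (which is written in Delphi), showing the defensive pattern a settings handler should apply: validate the path length and contents before any I/O, and turn any remaining failure into an error message instead of a crash. The function names, the use of the Windows MAX_PATH value (260) as the length bound, and the sample inputs are assumptions made for the example.

```python
import os
import re
from typing import Optional, Tuple, TextIO

# Assumed bound: the classic Windows MAX_PATH limit (260 characters including
# the terminating NUL). The advisory does not state the exact crash threshold,
# so a conservative, documented limit is used here.
MAX_PATH = 260

# ASCII control characters are never valid inside a path and are a common
# marker of malformed or hostile input.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f]")


def validate_log_path(path: str, max_len: int = MAX_PATH) -> Tuple[bool, str]:
    """Check a user-supplied log path before it reaches any file API.

    Returns (ok, reason). No I/O other than a directory existence check is
    performed, so an overlong or malformed value is rejected cheaply.
    """
    if not path:
        return False, "empty path"
    # Reject overlong input first, before any function that copies the string
    # into a fixed-size buffer could see it.
    if len(path) >= max_len:
        return False, f"path too long ({len(path)} chars, limit {max_len - 1})"
    if _CONTROL_CHARS.search(path):
        return False, "path contains control characters"
    parent = os.path.dirname(os.path.abspath(path)) or "."
    if not os.path.isdir(parent):
        return False, f"directory does not exist: {parent}"
    return True, "ok"


def open_sql_log(path: str) -> Tuple[Optional[TextIO], str]:
    """Hypothetical 'OK' handler for the logging preferences dialog.

    Validates first, then opens the log for appending; every failure is
    reported as a message rather than allowed to propagate and crash the UI.
    """
    ok, reason = validate_log_path(path)
    if not ok:
        return None, reason
    try:
        return open(path, "a", encoding="utf-8"), "ok"
    except OSError as exc:
        # Permission errors, invalid characters, disk full, etc.
        return None, f"cannot open log file: {exc}"


if __name__ == "__main__":
    # Constructed sample inputs: a normal path and an overlong one of the kind
    # the advisory describes.
    for candidate in ["heidi_sql.log", "A" * 5000, "bad\x00name.log"]:
        ok, reason = validate_log_path(candidate)
        print(f"{candidate[:20]!r:>24} -> ok={ok} ({reason})")
```

The ordering matters: the length check runs before anything that might copy the string into a fixed-size buffer or pass it to a path API, so the overlong value never reaches the code path that crashes.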
