SpotPaltalk Denial-of-Service Vulnerability in Registration Code Input Field
Vulnerability
A denial-of-service vulnerability has been identified in SpotPaltalk version 1.1.5. The issue arises in the registration code input field, where local attackers can cause the application to crash by submitting an excessively long string. Pasting a buffer of 1000 characters into the Name/Key field during registration and clicking the OK button crashes the application.
Impact
Exploiting this vulnerability leads to a crash of the SpotPaltalk application, causing a denial-of-service condition.
Reproduction
To reproduce this vulnerability, register a new account in SpotPaltalk 1.1.5. During the registration process, paste a 1000-character buffer into the Name/Key field. After pasting, click the 'OK' button to complete the registration. The application will crash shortly after.
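As an added example (not SpotPaltalk's code and not part of the advisory), this is the kind of bounded handling a Name/Key-style field needs so that over-long input is rejected before it is copied anywhere. The 64-byte limit and every function name here are assumptions; the page states neither the real field size nor the cause of the crash.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit: the advisory does not give the real Name/Key field size. */
#define REG_FIELD_MAX 64

typedef enum { REG_OK = 0, REG_EMPTY, REG_TOO_LONG, REG_BAD_ARG } reg_status;

/* Copy an untrusted field value of in_len bytes into a fixed-size buffer.
 * Over-long input is rejected, not truncated, so it never reaches later code. */
reg_status reg_field_copy(char *dst, size_t dst_size,
                          const char *in, size_t in_len)
{
    if (dst == NULL || in == NULL || dst_size == 0)
        return REG_BAD_ARG;
    dst[0] = '\0';
    /* Stop at an embedded NUL, but never scan past the caller's length. */
    const void *nul = memchr(in, '\0', in_len);
    size_t len = nul ? (size_t)((const char *)nul - in) : in_len;
    if (len == 0) return REG_EMPTY;
    if (len > REG_FIELD_MAX || len >= dst_size) return REG_TOO_LONG;
    memcpy(dst, in, len);
    dst[len] = '\0';
    return REG_OK;
}

/* Regression helper: feeds a constructed n-character value to the handler. */
reg_status check_constructed_input(size_t n)
{
    static char in[2048];
    char dst[REG_FIELD_MAX + 1];
    if (n > sizeof in) return REG_BAD_ARG;
    memset(in, 'A', n);
    return reg_field_copy(dst, sizeof dst, in, n);
}

int main(void)
{
    printf("64 chars   -> %d\n", (int)check_constructed_input(64));
    printf("1000 chars -> %d\n", (int)check_constructed_input(1000));
    return 0;
}
```

The 1000-character case from the reproduction steps returns `REG_TOO_LONG`, which the caller can surface as a validation error.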
