Navicat for Oracle Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Navicat for Oracle version 12.1.15. This vulnerability allows local attackers to crash the application by entering an excessively long string in the password field during Oracle connection setup. Specifically, a buffer of 550 repeated characters can be pasted into the password parameter to trigger the crash.

Impact

Exploitation of this vulnerability leads to a crash of the Navicat for Oracle application, causing a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first copy a string of 550 repeated characters to the clipboard. Then, open Navicat for Oracle 12.1.15 and navigate to the Oracle connection configuration. In the 'Password' field, paste the copied string. After selecting 'Aceptar' (the confirmation button, as labelled in the Spanish-language interface), the application will crash.

Added: Mar 30, 2026, 12:19 PM
Updated: Mar 30, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.9
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.