Nsasoft Nsauditor Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in Nsasoft Nsauditor version 3.2.3. The issue arises in the registration code input field, where attackers can cause the application to crash by pasting a large buffer of 256 repeated characters into the 'Key' field. The crash results from a buffer copy operation that does not properly check the size of the input.
Impact
Exploitation of this vulnerability causes the application to crash, disrupting any ongoing tasks or processes within Nsauditor.
Reproduction
To reproduce this vulnerability, open Nsauditor 3.2.3 and navigate to the registration window. In the 'Key' field, paste a buffer of 256 repeated characters. After entering any text in the 'Name' field, click 'Ok' to submit. The application will crash, demonstrating the denial-of-service condition.
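The missing size check described above can be closed where the 'Key' field is read. The following is an added example, not Nsauditor's code: the function names, the 64-byte buffer size and the allowed key alphabet are assumptions, since the page does not give them.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed destination capacity; the page does not give Nsauditor's real size. */
#define KEY_BUF_SIZE 64

enum key_status { KEY_OK = 0, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR };

/* Validate the raw 'Key' field contents, then copy them into dst.
 * input is not assumed to be NUL-terminated; dst_cap includes the terminator.
 * (Hypothetical helper: the unchecked form would copy without comparing sizes.) */
enum key_status copy_registration_key(const char *input, size_t input_len,
                                      char *dst, size_t dst_cap)
{
    if (dst == NULL || dst_cap == 0)
        return KEY_TOO_LONG;
    dst[0] = '\0';                      /* dst is a valid empty string on any failure */

    if (input == NULL || input_len == 0)
        return KEY_EMPTY;
    if (input_len >= dst_cap)           /* reject instead of truncating or overflowing */
        return KEY_TOO_LONG;

    for (size_t i = 0; i < input_len; i++) {
        unsigned char c = (unsigned char)input[i];
        if (!isalnum(c) && c != '-')    /* assumed key alphabet: letters, digits, '-' */
            return KEY_BAD_CHAR;
    }
    memcpy(dst, input, input_len);
    dst[input_len] = '\0';
    return KEY_OK;
}

/* Constructed input: n repeated 'A' characters, as in the reproduction steps. */
enum key_status check_repeated(size_t n)
{
    char field[512];
    char key[KEY_BUF_SIZE];

    if (n > sizeof field)
        n = sizeof field;
    memset(field, 'A', n);
    return copy_registration_key(field, n, key, sizeof key);
}

int main(void) { return check_repeated(256) == KEY_TOO_LONG ? 0 : 1; }
```

With this check in place, the 256-character input from the reproduction steps is rejected with an error status instead of reaching the copy.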
