This page lists publicly disclosed CVE vulnerabilities affecting crun realterm (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25679 | RealTerm Serial Terminal 2.0.0.70 contains a structured exception handling (SEH) buffer overflow vulnerability in the Echo Port tab that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers can craft a buffer overflow payload with a POP POP RET gadget chain and shellcode that triggers code execution when pasted into the Port field and the Change button is clicked. | [email protected] | 8.5 | 0.01% | 2026-04-05 | 2026-04-20 |
| CVE-2019-25570 | RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash. | [email protected] | 6.8 | 0.01% | 2026-03-21 | 2026-03-24 |
| CVE-2019-25569 | RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service. | [email protected] | 6.9 | 0.01% | 2026-03-21 | 2026-03-24 |