CVE-2004-1919

Crackalaka 1.0.8 - Denial of Service via Large Malformed Strings

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1919. PoCs published by Donato Ferrante.

AI-analyzed exploit summary The exploit demonstrates a remote denial of service (DoS) vulnerability in Crackalaka by flooding the server with excessive data via netcat. The PoC leverages /dev/urandom to generate a continuous stream of data to crash the service.

Description

The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Donato Ferrante · textdoslinux

https://www.exploit-db.com/exploits/23943

View Code ZIP pw:eip

The exploit demonstrates a remote denial of service (DoS) vulnerability in Crackalaka by flooding the server with excessive data via netcat. The PoC leverages /dev/urandom to generate a continuous stream of data to crash the service.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Crackalaka version 1.0.8

No auth needed

Prerequisites: Network access to the target server · Netcat or similar tool installed

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108152479316967&w=2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/11340

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10092

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15824

Scores

EPSS 0.0313

EPSS Percentile 86.2%

Details

Status published

Products (1)

crackalaka/crackalaka 1.0.8

Published Apr 09, 2004

Tracked Since Feb 18, 2026