CVE-2020-37010
Unknown Unknown - Not Provided
Buffer Overflow in BearShare Lite 5.2.5 Enables Code Execution

Publication date: 2026-01-29

Last updated on: 2026-01-29

Assigner: VulnCheck

Description
BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-29
Last Modified
2026-01-29
Generated
2026-06-16
AI Q&A
2026-01-29
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37010
EUVD
EUVD-2020-30905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bearshare bearshare_lite From 5.1.0 (inc) to 5.2.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37010 is a buffer overflow vulnerability in BearShare Lite version 5.2.5 and earlier, specifically in the Advanced Search feature's keywords input field. The application does not properly check the size of the input buffer, allowing an attacker to craft a specially designed payload that, when pasted into the search keywords field, overflows the buffer and overwrites the Extended Instruction Pointer (EIP) register. This enables the attacker to execute arbitrary shellcode on the affected system. Exploitation requires local access and user interaction, such as pasting the malicious payload into the search field and triggering the search. [1, 3]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary code on your system with the privileges of the BearShare Lite application. This could lead to unauthorized actions such as running malicious programs, compromising system integrity, stealing data, or causing denial of service. Since the exploit requires local access and user interaction, an attacker would need to convince or trick a user into pasting the malicious payload into the search keywords field. Successful exploitation can severely impact confidentiality, integrity, and availability of your system. [1, 3]

Detection Guidance

This vulnerability can be detected by attempting to reproduce the buffer overflow condition in the BearShare Lite 5.2.5 application. Specifically, a crafted payload can be created that overflows the 'Keywords:' input field in the Advanced Search feature. The exploit involves pasting a payload consisting of 524 'A' characters, followed by a JMP ESP address, 4 'B' characters, and shellcode into the search keywords field. Detection involves monitoring for abnormal application behavior or crashes when such input is entered. Since the exploit is local and requires user interaction, network detection is limited. No specific network commands are provided, but testing can be done by using the provided Python exploit script to generate the payload and observing the application's response. [1, 3]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the Advanced Search 'Keywords:' input field with untrusted or suspicious input, as the vulnerability requires user interaction to trigger. Users should refrain from pasting unknown or suspicious content into the search keywords field. Additionally, applying any available patches or updates from the vendor (if available) is recommended. If no patch is available, consider restricting access to BearShare Lite 5.2.5 or replacing it with a safer alternative. Monitoring for unusual application crashes or behavior can also help identify exploitation attempts. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37010. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart