CVE-2020-37119
BaseFortify
Publication date: 2026-02-05
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsasoft | nsauditor | 3.0.28 |
| nsasoft | nsauditor | 3.2.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the DNS Lookup tool of Nsauditor versions 3.0.28 and 3.2.1.0. It allows attackers to execute arbitrary code by overwriting memory. Specifically, an attacker can craft a malicious DNS query payload that triggers a three-byte overwrite, bypassing security protections like ASLR and Structured Exception Handler (SEH). This enables the attacker to run shellcode through a carefully constructed exploit.
The exploit works by pasting a specially crafted payload into the DNS Query field and triggering the DNS Lookup. The payload includes shellcode encoded to avoid problematic characters and uses techniques to control the execution flow, such as popping registers and jumping backward in memory. The vulnerability arises because Nsauditor does not properly validate input length in the DNS Lookup feature, allowing this buffer overflow to occur.
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows an attacker to execute arbitrary code on the affected system. This means an attacker could potentially run malicious programs, escalate privileges, or take full control of the system running Nsauditor.
Because the exploit bypasses important security protections like ASLR and SEH, it is more reliable and dangerous. The attacker can execute shellcode locally, which could lead to unauthorized actions such as installing malware, stealing data, or disrupting system operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by testing the DNS Lookup tool in Nsauditor versions 3.0.28 and 3.2.1.0 for buffer overflow behavior when processing specially crafted DNS query payloads.'}, {'type': 'paragraph', 'content': 'A practical detection method involves using the exploit technique described: paste a crafted payload into the "Dns Query" field of the DNS Lookup tool and observe if the application crashes or executes arbitrary code.'}, {'type': 'paragraph', 'content': 'Since the exploit is local and triggered via the GUI, there are no direct network commands to detect it remotely. However, monitoring for abnormal application crashes or unexpected behavior in Nsauditor during DNS queries can indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'No specific command-line detection commands are provided in the resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid using the DNS Lookup tool in Nsauditor versions 3.0.28 and 3.2.1.0 until a patch or update is available.
- Restrict access to the Nsauditor application to trusted users only, preventing untrusted users from triggering the vulnerability.
- Monitor the system for any unusual crashes or behavior related to Nsauditor.
- Check for updates or patches from the vendor (https://www.nsauditor.com/) that address this buffer overflow vulnerability.
- Consider removing or uninstalling vulnerable versions of Nsauditor if immediate patching is not possible.