CVE-2020-37130
BaseFortify
Publication date: 2026-02-05
Last updated on: 2026-05-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsasoft | nsauditor | to 3.2.7 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2020-37130 is a denial of service vulnerability in Nsauditor version 3.2.0.0 and earlier. It occurs in the registration name input field due to a buffer overflow issue where the application does not properly validate the size of the input. An attacker can create a malicious payload of 1000 repeated characters and paste it into the registration name field, causing the application to crash.
How can this vulnerability impact me? :
This vulnerability can cause a local denial of service by crashing the Nsauditor application when a specially crafted input is entered into the registration name field. This disrupts normal operation and availability of the software, potentially impacting users who rely on it for network security auditing.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the affected application, Nsauditor 3.2.0.0. Specifically, a test involves creating a payload of 1000 repeated characters (such as \'A\') and pasting it into the registration name input field under "Register -> Enter Registration Code" in the application. If the application crashes, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'A proof-of-concept involves running a Python script to generate a file named "POC.txt" containing the 1000-character payload. The content of this file is then copied and pasted into the registration name field to trigger the crash.'}, {'type': 'paragraph', 'content': 'There are no specific network commands or automated scanning tools mentioned for detection, as this is a local application vulnerability triggered by user input.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering unusually long strings (such as 1000 repeated characters) into the registration name input field of Nsauditor 3.2.0.0.
Since the vulnerability requires local user interaction to trigger, restricting access to the application and limiting who can use the registration feature can reduce risk.
Additionally, consider updating to a newer version of the software if available, or applying any patches provided by the vendor to fix this buffer overflow issue.