CVE-2020-37130
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-05

Last updated on: 2026-05-01

Assigner: VulnCheck

Description
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-05-01
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37130
EUVD
EUVD-2020-31026
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft nsauditor to 3.2.7 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37130 is a denial of service vulnerability in Nsauditor version 3.2.0.0 and earlier. It occurs in the registration name input field due to a buffer overflow issue where the application does not properly validate the size of the input. An attacker can create a malicious payload of 1000 repeated characters and paste it into the registration name field, causing the application to crash.

Impact Analysis

This vulnerability can cause a local denial of service by crashing the Nsauditor application when a specially crafted input is entered into the registration name field. This disrupts normal operation and availability of the software, potentially impacting users who rely on it for network security auditing.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the affected application, Nsauditor 3.2.0.0. Specifically, a test involves creating a payload of 1000 repeated characters (such as \'A\') and pasting it into the registration name input field under "Register -> Enter Registration Code" in the application. If the application crashes, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'A proof-of-concept involves running a Python script to generate a file named "POC.txt" containing the 1000-character payload. The content of this file is then copied and pasted into the registration name field to trigger the crash.'}, {'type': 'paragraph', 'content': 'There are no specific network commands or automated scanning tools mentioned for detection, as this is a local application vulnerability triggered by user input.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps include avoiding pasting or entering unusually long strings (such as 1000 repeated characters) into the registration name input field of Nsauditor 3.2.0.0.

Since the vulnerability requires local user interaction to trigger, restricting access to the application and limiting who can use the registration feature can reduce risk.

Additionally, consider updating to a newer version of the software if available, or applying any patches provided by the vendor to fix this buffer overflow issue.

Compliance Impact

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart