CVE-2020-37133
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-05

Last updated on: 2026-02-09

Assigner: VulnCheck

Description
UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long string of 300 characters into the Repeater Host property to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-05
Last Modified
2026-02-09
Generated
2026-06-16
AI Q&A
2026-02-05
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37133
EUVD
EUVD-2020-31031
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uvnc ultravnc to 1.2.4.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37133 is a denial of service vulnerability in UltraVNC Launcher version 1.2.4.0. It occurs due to a stack-based buffer overflow in the Repeater Host configuration field. An attacker can cause the application to crash by inputting an overly long string of 300 characters into this field.

This vulnerability arises from improper input handling in the Repeater Host property, which leads to application instability and crash when a specially crafted string is pasted into it.

Impact Analysis

This vulnerability can cause the UltraVNC Launcher application to crash, resulting in a denial of service condition. This means legitimate users may be unable to use the application while it is crashed.

Since the attack requires local access and user interaction, an attacker with access to the system can disrupt the availability of the UltraVNC Launcher by exploiting this flaw.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the UltraVNC Launcher application version 1.2.4.0. Specifically, by inputting a string of 300 characters into the Repeater Host configuration field, the application will crash if vulnerable.'}, {'type': 'paragraph', 'content': 'A practical detection method involves running a provided Python script that generates the malicious input string, then pasting this string into the Repeater Host field in the UltraVNC Launcher properties to observe if the application crashes.'}, {'type': 'list_item', 'content': 'Run the Python script `UltraVNC_1.2.40-Launcher_RepeaterHost.py` to generate the test input.'}, {'type': 'list_item', 'content': 'Open the generated text file `UltraVNC_1.2.40-Launcher_RepeaterHost.txt` and copy its contents.'}, {'type': 'list_item', 'content': 'Launch UltraVNC Launcher application.'}, {'type': 'list_item', 'content': 'Navigate to the "Properties" section.'}, {'type': 'list_item', 'content': 'Paste the copied string into the "Repeater host" field.'}, {'type': 'list_item', 'content': 'Click "OK" and observe if the application crashes, indicating the presence of the vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the input of overly long strings (300 characters or more) into the Repeater Host configuration field of UltraVNC Launcher version 1.2.4.0.

Since the vulnerability requires local user interaction, restricting access to the UltraVNC Launcher application and limiting user permissions can reduce the risk of exploitation.

Additionally, monitoring for updates or patches from the vendor and applying them once available is recommended to fully remediate the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37133. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart