CVE-2020-37164
Denial of Service via Oversized License Name in AbsoluteTelnet
Publication date: 2026-02-07
Last updated on: 2026-02-19
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| celestialsoftware | absolutetelnet | to 11.12 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37164 is a denial of service (DoS) vulnerability in AbsoluteTelnet version 11.12. It occurs when a local attacker inputs an oversized license name, specifically a payload of up to 2500 characters, into the license entry field. This causes the application to crash due to improper handling of input size, which is a classic buffer overflow issue.
How can this vulnerability impact me?
This vulnerability can impact you by causing the AbsoluteTelnet application to crash, resulting in a denial of service. Since the attack requires local access and user interaction (pasting the oversized license key), an attacker with local access can disrupt the availability of the application, potentially interrupting workflows that depend on it.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running AbsoluteTelnet 11.12. Specifically, a test involves creating a payload of 2,500 characters and pasting it into the license entry field of the application.

- Create a text file containing 2,500 "A" characters (e.g., using a command like `python -c "print('A'*2500)" > payload.txt`).
- Copy the contents of this file to the clipboard.
- Open AbsoluteTelnet.exe, navigate to the "Help" menu, and select the "Enter License Key" dialog.
- Paste the 2,500-character payload into the license entry field.

If the application crashes upon pasting this oversized license name, the vulnerability is present. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting local user access to the AbsoluteTelnet application to prevent untrusted users from entering oversized license keys.
Since the vulnerability requires local access and user interaction, limiting who can run the application and enter license keys reduces risk.
Additionally, monitor for application crashes related to license key entry and avoid pasting or entering license keys longer than expected.
Check for updates or patches from the vendor (Celestial Software) that address this vulnerability and apply them as soon as they become available.
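
The crash monitoring suggested above can be done from the Windows Application event log. The following PowerShell is an added example, not part of the original page or any vendor tooling; it assumes the standard "Application Error" provider (Event ID 1000) is logging, and the 7-day window and parameter names are arbitrary choices.

```powershell
# Added example: list recent AbsoluteTelnet.exe crashes from the Application log.
# Assumptions: the default "Application Error" provider (Event ID 1000) is enabled;
# the 7-day look-back window is an arbitrary default.
param(
    [int]$Days = 7,
    [string]$ProcessName = 'AbsoluteTelnet.exe'
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches; treat that as "no crashes".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$crashes = foreach ($e in $events) {
    $p = $e.Properties
    if ($p.Count -lt 7) { continue }                  # unexpected record layout
    if ($p[0].Value -ne $ProcessName) { continue }    # -ne is case-insensitive
    [pscustomobject]@{
        Time          = $e.TimeCreated
        Computer      = $e.MachineName
        AppVersion    = $p[1].Value   # faulting application version
        FaultModule   = $p[3].Value   # faulting module name
        ExceptionCode = $p[6].Value   # e.g. an access violation code
    }
}

if ($crashes) {
    $crashes | Sort-Object Time | Format-Table -AutoSize
    # Repeated crashes on one host in a short window deserve a closer look.
    $crashes | Group-Object Computer | Select-Object Name, Count
} else {
    Write-Output "No $ProcessName crashes recorded in the last $Days day(s)."
}
```

A crash record does not show which dialog was in use, so a match is a starting point for triage rather than proof that the license field was involved.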