CVE-2020-37165
Unknown Unknown - Not Provided
Denial of Service in AbsoluteTelnet 11.12 via Oversized License Name

Publication date: 2026-02-07

Last updated on: 2026-02-19

Assigner: VulnCheck

Description
AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37165
EUVD
EUVD-2020-31116
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
celestialsoftware absolutetelnet to 11.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2020-37165 is a denial of service (DoS) vulnerability in AbsoluteTelnet version 11.12 and earlier.'}, {'type': 'paragraph', 'content': 'The issue arises from a buffer overflow caused by a lack of input size validation in the "license name" field.'}, {'type': 'paragraph', 'content': 'Local attackers can supply an oversized license name payloadβ€”up to 2500 charactersβ€”which triggers the application to crash.'}] [1, 2]

Impact Analysis

This vulnerability can cause the AbsoluteTelnet application to crash, resulting in a denial of service.

Since the attack requires local access and user interaction, an attacker with local access can disrupt availability by crashing the application.

The impact is high on availability but does not affect confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running AbsoluteTelnet 11.12 or earlier.'}, {'type': 'paragraph', 'content': 'A practical detection method involves creating a payload of 2,500 characters (for example, 2,500 \'A\'s), copying it to the clipboard, and pasting it into the "License Name" field within the "Enter License Key" dialog of AbsoluteTelnet. If the application crashes, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'There are no specific network commands to detect this vulnerability since it requires local interaction.'}, {'type': 'paragraph', 'content': "For example, you can create the payload using a command like the following in a Windows command prompt or PowerShell to generate a file with 2,500 'A's:"}, {'type': 'list_item', 'content': 'PowerShell: `"A" * 2500 | Out-File AbsoluteTelnet_license_name.txt`'}, {'type': 'paragraph', 'content': 'Then open the file, copy its contents to the clipboard, and paste into the license name field to test.'}] [2]

Mitigation Strategies

Immediate mitigation steps include avoiding pasting or entering oversized license name strings (such as 2,500 characters) into the AbsoluteTelnet license name field.

Since the vulnerability requires local user interaction, restricting access to the application and limiting user permissions can reduce risk.

Additionally, monitor for updates or patches from the vendor (Celestial Software) and apply them once available.

If possible, consider using an updated or alternative version of the software that is not vulnerable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37165. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart