CVE-2020-37165
Denial of Service in AbsoluteTelnet 11.12 via Oversized License Name
Publication date: 2026-02-07
Last updated on: 2026-02-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| celestialsoftware | absolutetelnet | to 11.12 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can cause the AbsoluteTelnet application to crash, resulting in a denial of service.
Since the attack requires local access and user interaction, an attacker with local access can disrupt availability by crashing the application.
The impact is high on availability but does not affect confidentiality or integrity.
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2020-37165 is a denial of service (DoS) vulnerability in AbsoluteTelnet version 11.12 and earlier.'}, {'type': 'paragraph', 'content': 'The issue arises from a buffer overflow caused by a lack of input size validation in the "license name" field.'}, {'type': 'paragraph', 'content': 'Local attackers can supply an oversized license name payloadβup to 2500 charactersβwhich triggers the application to crash.'}] [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running AbsoluteTelnet 11.12 or earlier.'}, {'type': 'paragraph', 'content': 'A practical detection method involves creating a payload of 2,500 characters (for example, 2,500 \'A\'s), copying it to the clipboard, and pasting it into the "License Name" field within the "Enter License Key" dialog of AbsoluteTelnet. If the application crashes, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'There are no specific network commands to detect this vulnerability since it requires local interaction.'}, {'type': 'paragraph', 'content': "For example, you can create the payload using a command like the following in a Windows command prompt or PowerShell to generate a file with 2,500 'A's:"}, {'type': 'list_item', 'content': 'PowerShell: `"A" * 2500 | Out-File AbsoluteTelnet_license_name.txt`'}, {'type': 'paragraph', 'content': 'Then open the file, copy its contents to the clipboard, and paste into the license name field to test.'}] [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering oversized license name strings (such as 2,500 characters) into the AbsoluteTelnet license name field.
Since the vulnerability requires local user interaction, restricting access to the application and limiting user permissions can reduce risk.
Additionally, monitor for updates or patches from the vendor (Celestial Software) and apply them once available.
If possible, consider using an updated or alternative version of the software that is not vulnerable.