CVE-2020-37166
Unknown Unknown - Not Provided
Buffer Overflow in AbsoluteTelnet SSH2 Username Causes DoS

Publication date: 2026-02-07

Last updated on: 2026-02-19

Assigner: VulnCheck

Description
AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become unresponsive and terminate.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-07
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-07
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37166
EUVD
EUVD-2020-31118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
celestialsoftware absolutetelnet 11.12
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in AbsoluteTelnet version 11.12 and is a denial of service (DoS) issue triggered by the SSH2 username input field.

Local attackers can exploit this by inputting a specially crafted username consisting of a 1000-byte buffer, which causes the application to crash and become unresponsive.

The exploit involves pasting a long string of characters into the username field when creating a new SSH2 connection, which overwrites the buffer and terminates the application.

Compliance Impact

I don't know

Impact Analysis

This vulnerability can cause the AbsoluteTelnet application to crash and become unresponsive, resulting in a denial of service.

Since the attack requires local access, an attacker with local privileges can disrupt the availability of the application, potentially interrupting legitimate SSH2 connections and workflows.

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the AbsoluteTelnet 11.12 application. Specifically, it involves testing the SSH2 username input field with an overly long input buffer.'}, {'type': 'list_item', 'content': "Run a script that generates a 1000-byte buffer of 'A' characters."}, {'type': 'list_item', 'content': 'Copy the generated buffer to the clipboard.'}, {'type': 'list_item', 'content': 'Open AbsoluteTelnet and create a new SSH2 connection.'}, {'type': 'list_item', 'content': 'Paste the buffer into the SSH2 username field.'}, {'type': 'list_item', 'content': 'Confirm the connection creation and observe if the application crashes.'}, {'type': 'paragraph', 'content': 'No specific network commands or automated detection commands are provided in the available resources.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of AbsoluteTelnet version 11.12 or not using the SSH2 username input field with unusually long inputs.

Since the vulnerability is triggered by a local attacker providing a 1000-byte username buffer, restricting local access to the application or user environment can reduce risk.

No official patches or updates are mentioned in the provided information, so consider upgrading to a later version if available or using alternative software.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37166. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart