CVE-2020-37166
Buffer Overflow in AbsoluteTelnet SSH2 Username Causes DoS
Publication date: 2026-02-07
Last updated on: 2026-02-19
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| celestialsoftware | absolutetelnet | 11.12 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
This vulnerability exists in AbsoluteTelnet version 11.12 and is a denial of service (DoS) issue triggered by the SSH2 username input field.
Local attackers can exploit this by inputting a specially crafted username consisting of a 1000-byte buffer, which causes the application to crash and become unresponsive.
The exploit involves pasting a long string of characters into the username field when creating a new SSH2 connection, which overwrites the buffer and terminates the application.
How can this vulnerability impact me? :
This vulnerability can cause the AbsoluteTelnet application to crash and become unresponsive, resulting in a denial of service.
Since the attack requires local access, an attacker with local privileges can disrupt the availability of the application, potentially interrupting legitimate SSH2 connections and workflows.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the AbsoluteTelnet 11.12 application. Specifically, it involves testing the SSH2 username input field with an overly long input buffer.'}, {'type': 'list_item', 'content': "Run a script that generates a 1000-byte buffer of 'A' characters."}, {'type': 'list_item', 'content': 'Copy the generated buffer to the clipboard.'}, {'type': 'list_item', 'content': 'Open AbsoluteTelnet and create a new SSH2 connection.'}, {'type': 'list_item', 'content': 'Paste the buffer into the SSH2 username field.'}, {'type': 'list_item', 'content': 'Confirm the connection creation and observe if the application crashes.'}, {'type': 'paragraph', 'content': 'No specific network commands or automated detection commands are provided in the available resources.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of AbsoluteTelnet version 11.12 or not using the SSH2 username input field with unusually long inputs.
Since the vulnerability is triggered by a local attacker providing a 1000-byte username buffer, restricting local access to the application or user environment can reduce risk.
No official patches or updates are mentioned in the provided information, so consider upgrading to a later version if available or using alternative software.