CVE-2020-37177
Awaiting Analysis Awaiting Analysis - Queue
SEH Overwrite Denial of Service in BOOTP Turbo

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37177
EUVD
EUVD-2020-31209
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
weird_solutions bootp_turbo to 2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37177 is a denial of service vulnerability in BOOTP Turbo version 2.0 and earlier. It is caused by a stack-based buffer overflow that allows attackers to overwrite the Structured Exception Handler (SEH) chain. By crafting a malicious payload of 2,196 bytes with specific byte patterns, an attacker can corrupt the SEH chain and cause the application to crash.

Impact Analysis

This vulnerability can impact you by causing the BOOTP Turbo application to crash, resulting in a denial of service. The crash occurs because the attacker overwrites the SEH chain, which disrupts the normal exception handling process. This leads to application unavailability and potential disruption of services relying on this software.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition on the BOOTP Turbo 2.0 application. Specifically, the vulnerability is triggered by inputting a specially crafted payload into the application\'s "Log File" text box within the Settings menu after enabling detailed logging.'}, {'type': 'paragraph', 'content': "A proof-of-concept exploit involves creating a buffer overflow payload consisting of 2196 'A' characters, followed by 4 'B' characters (nSEH), 4 'C' characters (SEH), and padding with 'D' characters to reach a total length of 3000 bytes. When this payload is pasted into the log file input and confirmed, it causes the application to crash due to Structured Exception Handler (SEH) chain corruption."}, {'type': 'paragraph', 'content': 'While no specific network commands are provided, detection involves monitoring the application for crashes related to SEH chain corruption after such input. Using the provided proof-of-concept Python script to generate the malicious payload file "crash.txt" and applying it as described can help confirm the presence of the vulnerability.'}] [2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding the use of the vulnerable input vector, specifically refraining from pasting or loading untrusted or malformed data into the "Log File" text box within the BOOTP Turbo 2.0 application.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction to trigger the crash, restricting access to the application and limiting user permissions can reduce the risk of exploitation.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring for application crashes and applying any available patches or updates from the vendor (Weird Solutions) when released is recommended.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart