CVE-2020-37179
Denial of Service via Input Overflow in APKF Product Key Finder
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apkf | product_key_finder | up to and including 2.5.8.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
APKF Product Key Finder version 2.5.8.0 contains a denial of service (DoS) vulnerability caused by a buffer overflow in the 'Name' input field during the registration process.

An attacker can input a payload of about 1000 characters into this field, which the application does not properly handle, leading to a crash.

This vulnerability is classified under CWE-120, indicating a classic buffer overflow due to copying data without checking input size. [1, 2]

How can this vulnerability impact me?
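The CWE-120 pattern described above next to a bounded alternative, as an added example that is not APKF's code (the product's source is not on this page). The struct, the function names and the 64-byte field size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64  /* assumed field capacity, not taken from APKF */

struct registration { char name[NAME_MAX_LEN + 1]; };

/* CWE-120 pattern, shown for contrast and never called here: copies until
 * the NUL terminator with no regard for the destination size. */
void set_name_unchecked(struct registration *reg, const char *input)
{
    strcpy(reg->name, input);
}

/* Hardened form: measure with a bound, reject what does not fit, then copy.
 * Returns 0 on success, -1 on rejection. */
int set_name_checked(struct registration *reg, const char *input)
{
    size_t len = 0;
    if (reg == NULL || input == NULL)
        return -1;
    /* Stop scanning one byte past the limit so oversized input is detected
     * without walking the whole string. */
    while (len <= NAME_MAX_LEN && input[len] != '\0')
        len++;
    if (len == 0 || len > NAME_MAX_LEN)
        return -1;              /* reject instead of silently truncating */
    memcpy(reg->name, input, len);
    reg->name[len] = '\0';
    return 0;
}

/* Constructed input: the 1000-character 'A' string the page describes. */
int try_oversized_name(void)
{
    char payload[1001];
    struct registration reg = { {0} };
    memset(payload, 'A', 1000);
    payload[1000] = '\0';
    return set_name_checked(&reg, payload);
}

int main(void)
{
    struct registration reg = { {0} };
    printf("short name: %d\n", set_name_checked(&reg, "Alice Example"));
    printf("1000 x 'A': %d\n", try_oversized_name());
    return 0;
}
```

Rejecting oversized input, rather than truncating it, keeps the stored name from silently differing from what the user typed.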
This vulnerability can cause the APKF Product Key Finder application to crash when a specially crafted input is entered into the registration name field.
The impact is a denial of service condition, meaning legitimate users may be unable to use the application until it is restarted or fixed.
The CVSS v3.1 score of 7.5 indicates a high severity impact on availability, but no impact on confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running APKF Product Key Finder 2.5.8.0.

A proof-of-concept involves generating a payload of 1000 characters (e.g., 1000 "A" characters) and pasting it into the 'Name' input field during the software's registration process.

For example, you can use a Python script to create the payload and save it to a file:

- `python -c "print('A'*1000)" > poc.txt`

Then, open APKF Product Key Finder, navigate to Register -> Enter Registration Code, and paste the contents of poc.txt into the 'Name' field. If the application crashes, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding pasting or entering excessively long strings (around 1000 characters) into the 'Name' input field of APKF Product Key Finder 2.5.8.0.

Since the vulnerability is triggered by local user input, restricting access to the application to trusted users and environments can reduce risk.

Additionally, monitor for updates or patches from the vendor that address this buffer overflow issue and apply them as soon as they become available. [1, 2]