CVE-2020-37189
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in TaskCanvas 1.4.0 Causes Denial of Service

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37189
EUVD
EUVD-2020-31136
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
digitalvolcano taskcanvas 1.4.0
digitalvolcano taskcanvas to 1.4.0 (exc)
taskcanvas taskcanvas 1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-37189 is a denial of service vulnerability in TaskCanvas version 1.4.0. It occurs in the registration code input field where an attacker can input a specially crafted payload of 1000 characters. This causes a buffer overflow that crashes the application, disrupting its normal operation.

The vulnerability is triggered by pasting a long string into the registration field, which the software does not properly validate or limit, leading to an application crash.

Impact Analysis

This vulnerability can impact you by causing the TaskCanvas application to crash when the registration code input field receives a maliciously long input. This results in a denial of service condition where the application becomes unavailable or unusable until restarted.

An attacker with local access and the ability to interact with the user interface can exploit this to disrupt your use of TaskCanvas, potentially interrupting workflows or causing loss of productivity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition in TaskCanvas 1.4.0. Specifically, you can generate a payload of 1000 characters and input it into the registration code field to see if the application crashes.'}, {'type': 'list_item', 'content': "Use a Python script to create a file containing 1000 'A' characters."}, {'type': 'list_item', 'content': 'Open TaskCanvas and navigate to the Registration dialog.'}, {'type': 'list_item', 'content': 'Copy the generated 1000-character string into the registration code input field.'}, {'type': 'list_item', 'content': 'Submit the input and observe if the application crashes, indicating the presence of the vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the registration code input field with untrusted or excessively long input to prevent triggering the crash.

Since the vulnerability requires local user interaction, restrict access to the application to trusted users only.

Monitor for updates or patches from the vendor DigitalVolcano Software and apply them once available.

Consider running the application in a controlled environment or sandbox to limit the impact of potential crashes.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37189. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart