CVE-2020-37189
Awaiting Analysis Awaiting Analysis - Queue

Buffer Overflow in TaskCanvas 1.4.0 Causes Denial of Service

Vulnerability report for CVE-2020-37189, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description

TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-07-06
AI Q&A
2026-02-11
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
digitalvolcano taskcanvas 1.4.0
digitalvolcano taskcanvas to 1.4.0 (exc)
taskcanvas taskcanvas 1.4.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2020-37189 is a denial of service vulnerability in TaskCanvas version 1.4.0. It occurs in the registration code input field where an attacker can input a specially crafted payload of 1000 characters. This causes a buffer overflow that crashes the application, disrupting its normal operation.

The vulnerability is triggered by pasting a long string into the registration field, which the software does not properly validate or limit, leading to an application crash.

Impact Analysis

This vulnerability can impact you by causing the TaskCanvas application to crash when the registration code input field receives a maliciously long input. This results in a denial of service condition where the application becomes unavailable or unusable until restarted.

An attacker with local access and the ability to interact with the user interface can exploit this to disrupt your use of TaskCanvas, potentially interrupting workflows or causing loss of productivity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the crash condition in TaskCanvas 1.4.0. Specifically, you can generate a payload of 1000 characters and input it into the registration code field to see if the application crashes.'}, {'type': 'list_item', 'content': "Use a Python script to create a file containing 1000 'A' characters."}, {'type': 'list_item', 'content': 'Open TaskCanvas and navigate to the Registration dialog.'}, {'type': 'list_item', 'content': 'Copy the generated 1000-character string into the registration code input field.'}, {'type': 'list_item', 'content': 'Submit the input and observe if the application crashes, indicating the presence of the vulnerability.'}] [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of the registration code input field with untrusted or excessively long input to prevent triggering the crash.

Since the vulnerability requires local user interaction, restrict access to the application to trusted users only.

Monitor for updates or patches from the vendor DigitalVolcano Software and apply them once available.

Consider running the application in a controlled environment or sandbox to limit the impact of potential crashes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37189. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart