CVE-2020-37193
Status: Awaiting Analysis (NVD queue)
BaseFortify

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file.
CVSS Scores: none recorded on this page (NVD status: Awaiting Analysis).
EPSS Scores: probability and percentile not populated at the time this page was generated.
Meta Information
Generated: 2026-06-16
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-06-15
External references: NVD, EUVD
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow"): the product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
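The following C is an added illustration of the weakness class assigned above, not code from ZIP Password Recovery (whose source is not on this page): the unchecked copy pattern CWE-120 describes, beside a bounded form that rejects oversized input instead of overrunning the destination. The 260-byte buffer, the function names and the sample path are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

/* Fixed-size destination for the selected path. 260 bytes (MAX_PATH on
 * Windows) is an assumption for this illustration, not a value taken from
 * the advisory. */
#define PATH_BUF 260

/* Vulnerable pattern matching CWE-120: the input is copied with no check
 * that it fits. Any source longer than PATH_BUF-1 bytes overwrites whatever
 * follows `dst` on the stack or heap, which in the field shows up as a crash.
 * Kept only for contrast; never called below. */
void load_zip_path_unsafe(char dst[PATH_BUF], const char *src)
{
    strcpy(dst, src);   /* no bound: classic buffer overflow */
}

/* Bounded length: counts at most `limit` bytes, so a missing terminator in
 * `src` cannot itself cause an over-read (a strnlen equivalent in plain C). */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened form: verify the input fits before copying, always leave `dst`
 * NUL-terminated, and report the rejection to the caller.
 * Returns 0 on success, -1 when the input does not fit. */
static int load_zip_path_safe(char dst[PATH_BUF], const char *src)
{
    size_t n = bounded_len(src, PATH_BUF);
    if (n >= PATH_BUF) {      /* must leave room for the terminator */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Constructed test input: `len` copies of `c`, the "repeated characters"
 * shape the advisory mentions. `out` must hold len+1 bytes. */
static void make_repeated_input(char *out, char c, size_t len)
{
    memset(out, (unsigned char)c, len);
    out[len] = '\0';
}

/* Self-checks returning 1 on success so they can be asserted on. */
static int demo_normal_path_accepted(void)
{
    char dst[PATH_BUF];
    const char *path = "C:\\Users\\demo\\archive.zip";  /* constructed sample */
    return load_zip_path_safe(dst, path) == 0 && strcmp(dst, path) == 0;
}

static int demo_oversized_input_rejected(void)
{
    char dst[PATH_BUF];
    char big[4096];
    make_repeated_input(big, 'A', sizeof big - 1);   /* 4095 bytes, far over PATH_BUF */
    return load_zip_path_safe(dst, big) == -1 && dst[0] == '\0';
}

static int demo_boundary_lengths(void)
{
    char dst[PATH_BUF];
    char fits[PATH_BUF], too_long[PATH_BUF + 1];
    make_repeated_input(fits, 'B', PATH_BUF - 1);     /* 259 chars + NUL: fits */
    make_repeated_input(too_long, 'B', PATH_BUF);     /* 260 chars + NUL: one too many */
    return load_zip_path_safe(dst, fits) == 0 && strlen(dst) == PATH_BUF - 1
        && load_zip_path_safe(dst, too_long) == -1;
}

int main(void)
{
    printf("normal path accepted:     %s\n", demo_normal_path_accepted() ? "yes" : "no");
    printf("oversized input rejected: %s\n", demo_oversized_input_rejected() ? "yes" : "no");
    printf("boundary lengths correct: %s\n", demo_boundary_lengths() ? "yes" : "no");
    return 0;
}
```

The boundary check matters more than the choice of copy routine: the off-by-one case (exactly PATH_BUF characters, which needs PATH_BUF+1 bytes with the terminator) is the one an unchecked `strcpy` and a careless `strncpy` both get wrong, so the test exercises it explicitly.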
Executive Summary

CVE-2020-37193 is a denial of service (DoS) vulnerability in ZIP Password Recovery version 2.30. The assigned weakness is CWE-120 (classic buffer overflow): the application copies input into a buffer without checking that the input fits. An attacker can prepare a text file containing a crafted sequence of characters which, when its contents are supplied in the "Select Your ZIP File" field, crashes the application. Exploitation requires local access and user interaction. [1, 2]

Impact Analysis

The reported effect is a crash of the ZIP Password Recovery application, a loss of availability that prevents legitimate users from using it until it is restarted.

Only a crash has been reported, and the attack needs local access plus user interaction, so the documented impact is limited to disruption rather than data disclosure or modification. Note, however, that the underlying weakness is a buffer overflow (CWE-120); overflows of this class can sometimes be developed further than the crash that first exposes them, so the crash should be treated as a symptom of a memory-safety bug rather than as the full extent of the risk.


Detection Guidance

The condition can be confirmed by reproducing the crash in an isolated test environment with a specially crafted input file. The referenced proof of concept is a Python script that writes a text file named "poc.txt" containing a payload of hexadecimal bytes and repeated characters. To test, run the script from Resource 1 to generate the file, paste its contents into the "Select Your ZIP File" field of ZIP Password Recovery 2.30, and observe whether the application crashes. Because the attack is local and requires user interaction, there is no network traffic to inspect and no network-based detection applies. [1]

Mitigation Strategies

Until the vendor publishes a fixed build, stop using ZIP Password Recovery version 2.30.

Do not paste or select untrusted or suspicious input in the "Select Your ZIP File" field; only files from trusted sources should be processed.

Where possible, restrict access to the application to trusted users and make them aware that unverified input files can crash it.
