CVE-2020-37194
Denial of Service in Backup Key Recovery 2.2.5 via Oversized Registration Key
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsauditor | backup_key_recovery | to 2.2.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37194 is a denial of service vulnerability in Backup Key Recovery version 2.2.5 and earlier. It occurs because the application does not properly check the size of input data when processing the registration key.
An attacker can supply an overly long registration key, such as a 1000-character payload, which causes a buffer overflow and crashes the application.
This vulnerability exploits improper input handling in the registration key field, leading to an application crash and denial of service.
How can this vulnerability impact me? :
This vulnerability can cause the Backup Key Recovery application to crash when an attacker inputs an excessively long registration key.
The impact is a denial of service condition, meaning legitimate users may be unable to use the application while it is crashed.
Since the attack requires local access and user interaction, the risk is somewhat limited but still significant for availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the Backup Key Recovery 2.2.5 application. Specifically, an attacker or tester can generate a payload file containing 1000 characters and paste it into the registration key field of the application to see if it crashes.'}, {'type': 'list_item', 'content': 'Download and install Backup Key Recovery 2.2.5.'}, {'type': 'list_item', 'content': 'Use a script (such as a Python script) to generate a file named "poc.txt" containing 1000 "A" characters.'}, {'type': 'list_item', 'content': 'Launch the Backup Key Recovery software and navigate to "Register -> Enter Registration Code."'}, {'type': 'list_item', 'content': 'Copy the contents of "poc.txt" and paste it into the registration key field.'}, {'type': 'list_item', 'content': "Click 'Ok' and observe if the application crashes, indicating the presence of the vulnerability."}] [2]
What immediate steps should I take to mitigate this vulnerability?
I don't know