CVE-2020-37195
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in BlueAuditor 1.7.2.0 Causes DoS Crash

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
BlueAuditor 1.7.2.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37195
EUVD
EUVD-2020-31139
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
nsauditor blueauditor 1.7.2.0
nsauditor blueauditor to 1.7.2.0 (exc)
blueauditor blueauditor 1.7.2.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

[{'type': 'paragraph', 'content': "Immediate mitigation steps include avoiding the use of the vulnerable BlueAuditor 1.7.2.0 application or restricting access to it to prevent untrusted users from interacting with the registration 'Name' field."}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, limiting user privileges and access can reduce the risk.'}, {'type': 'paragraph', 'content': 'Additionally, monitor for any updates or patches from the vendor that address this buffer overflow issue and apply them as soon as they become available.'}] [2]

Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37195 is a denial of service vulnerability in BlueAuditor version 1.7.2.0. It occurs in the registration 'Name' input field where the application does not properly validate the size of the input. An attacker can exploit this by submitting a specially crafted payload of 1000 characters, which causes the application to crash."}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can cause the BlueAuditor application to crash, resulting in a denial of service. An attacker who can interact locally with the application and perform user interaction can trigger this crash by inputting a large payload into the 'Name' field during registration. This disrupts normal operation and availability of the software."}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the denial of service condition on the BlueAuditor 1.7.2.0 application. Specifically, a test can be performed by creating a payload of 1000 characters and pasting it into the 'Name' field during the registration process to see if the application crashes."}, {'type': 'paragraph', 'content': 'A practical detection method involves using a simple script to generate the payload and then manually inputting it into the application.'}, {'type': 'list_item', 'content': 'Create a file named poc.txt containing 1000 \'A\' characters using a command like: python -c "print(\'A\'*1000)" > poc.txt'}, {'type': 'list_item', 'content': 'Open BlueAuditor 1.7.2.0 and navigate to the registration dialog.'}, {'type': 'list_item', 'content': "Copy the contents of poc.txt and paste it into the 'Name' input field."}, {'type': 'list_item', 'content': 'Submit the form and observe if the application crashes, indicating the presence of the vulnerability.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37195. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart