CVE-2020-37197
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in Dnss Domain Name Search Causes DoS

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37197
EUVD
EUVD-2020-31191
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft domain_name_search_software *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37197 is a denial of service vulnerability in the Dnss Domain Name Search Software. It occurs because the software does not properly check the size of input data in the 'Name' registration field, allowing an attacker to overflow the buffer by entering a payload of 1000 characters. This overflow causes the application to crash."}] [2, 1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can impact you by causing the Dnss Domain Name Search Software to crash, resulting in a denial of service condition. An attacker with local access and requiring user interaction can trigger this crash by inputting a specially crafted 1000-character payload into the 'Name' field during registration. This can lead to application instability and disrupt normal operations."}] [2, 1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running the Dnss Domain Name Search Software.'}, {'type': 'paragraph', 'content': 'A proof-of-concept exploit involves creating a payload of 1000 characters (e.g., 1000 "A" characters) and pasting it into the \'Name\' input field during the software\'s registration process. If the application crashes or becomes unstable, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'There are no specific network detection commands since the exploit is local and requires user interaction.'}, {'type': 'paragraph', 'content': 'An example command to generate the payload file (poc.txt) using Python is:'}, {'type': 'list_item', 'content': 'python -c "print(\'A\'*1000)" > poc.txt'}, {'type': 'paragraph', 'content': "Then, open the Dnss software registration interface and paste the contents of poc.txt into the 'Name' field to test for the crash."}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': "To mitigate this vulnerability immediately, avoid entering excessively long input (such as 1000 characters) into the 'Name' input field of the Dnss Domain Name Search Software."}, {'type': 'paragraph', 'content': 'Restrict user interaction with the registration interface to trusted users only, as the attack requires local user interaction.'}, {'type': 'paragraph', 'content': 'If possible, apply any available patches or updates from the software vendor that address this buffer overflow issue.'}, {'type': 'paragraph', 'content': 'Consider running the software in a controlled environment or sandbox to limit the impact of potential crashes.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37197. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart