CVE-2020-37197
Awaiting Analysis - Queue
Buffer Overflow in Dnss Domain Name Search Causes DoS

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
Meta Information
Published: 2026-02-11
Last Modified: 2026-02-26
Generated: 2026-05-07
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: nsasoft
Product: domain_name_search_software
Version / Range: *
CWE
CWE ID: CWE-120
Description: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2020-37197 is a denial of service vulnerability in the Dnss Domain Name Search Software. It occurs because the software does not properly check the size of input data in the 'Name' registration field, allowing an attacker to overflow the buffer by entering a payload of 1000 characters. This overflow causes the application to crash. [2, 1]
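The missing size check described above, as an added example that is not code from the Dnss product (its source is not on this page): a hypothetical registration handler that validates the 'Name' input length before copying it into a fixed buffer, with the unchecked CWE-120 pattern kept only as a comment. `NAME_MAX_LEN`, `struct registration`, `set_registration_name` and `long_name_rejected` are assumed names, and the 64-byte limit is an assumed value.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field size; the real product's buffer size is not on the page. */
#define NAME_MAX_LEN 64

struct registration {
    char name[NAME_MAX_LEN + 1];   /* +1 for the terminating NUL */
};

/* Unchecked pattern (CWE-120), kept as a comment only:
 *     strcpy(reg->name, input);
 * It copies until the NUL in input, however long input is. */

/* Returns 0 on success, -1 if input is NULL, empty, or too long.
 * On failure reg->name is left as an empty string. */
int set_registration_name(struct registration *reg, const char *input)
{
    size_t len;

    if (reg == NULL)
        return -1;
    reg->name[0] = '\0';
    if (input == NULL)
        return -1;
    /* Bounded scan: never reads more than NAME_MAX_LEN + 1 bytes. */
    for (len = 0; len <= NAME_MAX_LEN && input[len] != '\0'; len++)
        ;
    if (len == 0 || len > NAME_MAX_LEN)
        return -1;                 /* reject rather than truncate silently */
    memcpy(reg->name, input, len);
    reg->name[len] = '\0';
    return 0;
}

/* Constructed input: a 1000-character 'A' string, as in the description. */
int long_name_rejected(void)
{
    struct registration reg;
    char payload[1001];

    memset(payload, 'A', 1000);
    payload[1000] = '\0';
    return set_registration_name(&reg, payload) == -1 && reg.name[0] == '\0';
}

int main(void)
{
    printf("1000-char name rejected: %d\n", long_name_rejected());
    return 0;
}
```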


How can this vulnerability impact me?

This vulnerability can cause the Dnss Domain Name Search Software to crash, resulting in a denial of service condition. The attack requires local access and user interaction: the crash is triggered by entering a specially crafted 1000-character payload into the 'Name' field during registration. This can lead to application instability and disrupt normal operations. [2, 1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by attempting to reproduce the denial of service condition locally on the system running the Dnss Domain Name Search Software.

A proof-of-concept exploit involves creating a payload of 1000 characters (e.g., 1000 "A" characters) and pasting it into the 'Name' input field during the software's registration process. If the application crashes or becomes unstable, the vulnerability is present.

There are no specific network detection commands since the exploit is local and requires user interaction.

An example command to generate the payload file (poc.txt) using Python is:

    python -c "print('A'*1000)" > poc.txt

Then, open the Dnss software registration interface and paste the contents of poc.txt into the 'Name' field to test for the crash. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability immediately, avoid entering excessively long input (such as 1000 characters) into the 'Name' input field of the Dnss Domain Name Search Software.

Restrict user interaction with the registration interface to trusted users only, as the attack requires local user interaction.

If possible, apply any available patches or updates from the software vendor that address this buffer overflow issue.

Consider running the software in a controlled environment or sandbox to limit the impact of potential crashes. [2]

