CVE-2020-37198
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service via Buffer Overflow in Duplicate Cleaner Pro

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-05-07
AI Q&A
2026-02-11
EPSS Evaluated
2026-05-05
NVD
CVE-2020-37198
EUVD
EUVD-2020-31188
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
digitalvolcano duplicate_cleaner_pro 4.1.3
duplicate_cleaner duplicate_cleaner_pro 4.1.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

[{'type': 'paragraph', 'content': 'Duplicate Cleaner Pro version 4.1.3 contains a denial of service vulnerability that allows an attacker to crash the application by injecting an oversized buffer into the license key field.'}, {'type': 'paragraph', 'content': 'Specifically, an attacker can generate a payload of 6000 characters and paste it into the license activation field, which causes the application to crash when the activation is attempted.'}, {'type': 'paragraph', 'content': "This vulnerability exploits the application's insufficient input validation or buffer handling in the license key field."}] [1]


How can this vulnerability impact me? :

This vulnerability can cause a denial of service condition by crashing the Duplicate Cleaner Pro application.

An attacker can disrupt normal use of the software by forcing it to crash through the injection of a large payload into the license key field.

This may lead to loss of productivity or interruption of tasks that depend on the application.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition using the known exploit method. Specifically, a malicious payload consisting of 6000 "A" characters can be generated and pasted into the license key field of Duplicate Cleaner Pro 4.1.3 to observe if the application crashes.'}, {'type': 'paragraph', 'content': 'A practical detection approach involves running a Python script to create a file named "Evil.txt" containing the 6000-character payload, then copying its content and pasting it into the license key field of the application to see if it crashes.'}, {'type': 'paragraph', 'content': 'There are no specific network commands mentioned for detection, as this is an application-level vulnerability triggered by input to the license key field.'}] [1]


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart