CVE-2020-37198
Awaiting Analysis - Queue
Denial of Service via Buffer Overflow in Duplicate Cleaner Pro

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Duplicate Cleaner Pro 4.1.3 contains a denial of service vulnerability that allows attackers to crash the application by injecting an oversized buffer into the license key field. Attackers can generate a 6000-byte payload and paste it into the license activation field to trigger an application crash.
Meta Information
Published: 2026-02-11
Last Modified: 2026-02-12
Generated: 2026-06-16
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 2 associated CPEs
Vendor             Product                Version / Range
digitalvolcano     duplicate_cleaner_pro  4.1.3
duplicate_cleaner  duplicate_cleaner_pro  4.1.3
CWE ID: CWE-121
Description: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Executive Summary

Duplicate Cleaner Pro version 4.1.3 contains a denial of service vulnerability that allows an attacker to crash the application by injecting an oversized buffer into the license key field.

Specifically, an attacker can generate a payload of 6000 characters and paste it into the license activation field, which causes the application to crash when the activation is attempted.

The crash results from the application's insufficient input validation or buffer handling in the license key field. [1]

Impact Analysis

This vulnerability can cause a denial of service condition by crashing the Duplicate Cleaner Pro application.

An attacker can disrupt normal use of the software by forcing it to crash through the injection of a large payload into the license key field.

This may lead to loss of productivity or interruption of tasks that depend on the application.

Detection Guidance

This vulnerability can be detected by attempting to reproduce the denial of service condition using the known exploit method. Specifically, a malicious payload consisting of 6000 "A" characters can be generated and pasted into the license key field of Duplicate Cleaner Pro 4.1.3 to observe if the application crashes.

A practical detection approach involves running a Python script to create a file named "Evil.txt" containing the 6000-character payload, then copying its content and pasting it into the license key field of the application to see if it crashes.

There are no specific network commands mentioned for detection, as this is an application-level vulnerability triggered by input to the license key field. [1]
