CVE-2020-37211
Awaiting Analysis Awaiting Analysis - Queue
Buffer Overflow in SpotIM 2.2 Causes Denial of Service

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2020-37211
EUVD
EUVD-2020-31172
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft spotim to 2.2 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37211 is a denial of service vulnerability in SpotIM version 2.2 that occurs due to improper handling of input size in the registration 'Name' field."}, {'type': 'paragraph', 'content': "An attacker can exploit this by submitting a large input buffer, specifically a 1000-character payload, into the 'Name' field, which causes the application to crash."}, {'type': 'paragraph', 'content': 'This vulnerability is a classic buffer overflow (CWE-120) triggered by the oversized input.'}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can cause the SpotIM application to crash, resulting in a denial of service condition.'}, {'type': 'paragraph', 'content': "An attacker with local access and the ability to interact with the user interface can trigger this crash by inputting a large payload into the registration 'Name' field."}, {'type': 'paragraph', 'content': 'The impact is that legitimate users may be unable to use the application while it is crashed, potentially disrupting services that depend on SpotIM.'}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to reproduce the denial of service condition on the SpotIM 2.2 application by inputting a large payload into the registration 'Name' field."}, {'type': 'paragraph', 'content': "A practical detection method involves generating a 1000-character payload and pasting it into the 'Name' field during registration to see if the application crashes."}, {'type': 'paragraph', 'content': 'A sample Python script can be used to create the payload file as follows:'}, {'type': 'list_item', 'content': '#!/usr/bin/python'}, {'type': 'list_item', 'content': 'buffer = "A" * 1000'}, {'type': 'list_item', 'content': 'payload = buffer'}, {'type': 'list_item', 'content': 'try:'}, {'type': 'list_item', 'content': ' f = open("poc.txt", "w")'}, {'type': 'list_item', 'content': ' print("[+] Creating 1000 bytes evil payload.")'}, {'type': 'list_item', 'content': ' f.write(payload)'}, {'type': 'list_item', 'content': ' f.close()'}, {'type': 'list_item', 'content': ' print("[+] File created!")'}, {'type': 'list_item', 'content': 'except:'}, {'type': 'list_item', 'content': ' print("File cannot be created.")'}, {'type': 'paragraph', 'content': 'After generating the payload, launch SpotIM, navigate to the registration interface, select "Enter Registration Code," and paste the contents of the payload file into the \'Name\' field. Clicking "Ok" should cause the application to crash if the vulnerability is present.'}] [2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart