CVE-2020-37038
Published: 30 January 2026
Summary
CVE-2020-37038 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Codeblocks (inferred from references). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its exploit-likelihood percentile is 8.2 (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2020-37038 is a denial of service vulnerability in Code Blocks version 20.03, specifically affecting the FSymbols search field. Attackers can trigger an application crash by pasting a large payload consisting of 5000 repeated characters into the search field. The issue is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high-impact availability disruption with network accessibility and low attack complexity.
Unauthenticated attackers can exploit this vulnerability remotely without privileges or user interaction. By manipulating input in the FSymbols search field with the specified oversized payload, they achieve a complete crash of the Code Blocks application, rendering it unavailable and potentially disrupting user workflows in the affected development environment.
Advisories and related resources include a VulnCheck advisory at https://www.vulncheck.com/advisories/code-blocks-denial-of-service detailing the issue, along with a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/48617. Official project pages are hosted at http://www.codeblocks.org/ and https://sourceforge.net/projects/codeblocks. No specific patch information is detailed in the provided references.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30940
Vulnerability details
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
- CWE(s): CWE-770 (Allocation of Resources Without Limits or Throttling)
Related Threats
MITRE ATT&CK Enterprise Techniques: Application or System Exploitation (T1499.004)
Why these techniques?
Direct match to application exploitation causing crash/DoS via unbounded resource allocation in input field (CWE-770).
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): rejects or sanitizes oversized input in the FSymbols search field before the application performs unbounded resource allocation.
- SC-5 (Denial-of-service Protection): implements denial-of-service protection mechanisms that limit the impact of resource-exhaustion attacks triggered through application inputs.
- Resource availability controls: throttle or prioritize allocation so that a single input cannot crash the process.
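An added example of the SI-10 input-validation control described above, written in C++ because Code::Blocks is a C++ application; it is not Code::Blocks' own code, and the guard (`ValidateSymbolQuery`, `SearchSymbols`) and the bound `kMaxQueryLen = 256` are assumptions chosen for illustration. It rejects the page's 5000-character payload before any search work or allocation happens, and caps both the comparison cost and the result set size.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical bound on a symbol-search query (assumed value, not from the project).
// The payload described in the advisory is 5000 repeated characters, far above it.
constexpr std::size_t kMaxQueryLen = 256;

// Returns the trimmed query if acceptable, or an empty string if the input is
// blank, oversized, or contains control bytes. The length check runs first so
// an oversized paste costs O(1) and never reaches the search path.
std::string ValidateSymbolQuery(const std::string& raw) {
    if (raw.size() > kMaxQueryLen) return "";             // reject before any work
    std::size_t b = raw.find_first_not_of(" \t");
    if (b == std::string::npos) return "";                // blank query
    std::size_t e = raw.find_last_not_of(" \t");
    std::string q = raw.substr(b, e - b + 1);
    for (unsigned char c : q)
        if (c < 0x20 || c == 0x7f) return "";              // no control bytes
    return q;
}

// Bounded prefix search over a symbol table: per-symbol work is at most
// kMaxQueryLen bytes and the result vector is capped at maxResults, so a
// single pathological query cannot grow memory or CPU use without limit.
std::vector<std::string> SearchSymbols(const std::vector<std::string>& symbols,
                                       const std::string& raw,
                                       std::size_t maxResults = 100) {
    std::vector<std::string> hits;
    const std::string q = ValidateSymbolQuery(raw);
    if (q.empty()) return hits;                           // nothing to search for
    for (const std::string& s : symbols) {
        if (s.size() >= q.size() && s.compare(0, q.size(), q) == 0) {
            hits.push_back(s);
            if (hits.size() >= maxResults) break;         // cap the result set
        }
    }
    return hits;
}
```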