CVE-2020-37039
Published: 30 January 2026
Summary
CVE-2020-37039 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability. Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It is ranked at the 8.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).
Deeper analysis
CVE-2020-37039 is a denial of service vulnerability in Frigate version 2.02. The issue resides in the command line interface component, where attackers can crash the application by sending oversized input, such as a payload consisting of 8000 repeated characters pasted into the CLI field. Classified under CWE-770, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting its network accessibility and high impact on availability.
Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability. By generating and submitting the specified oversized payload to the CLI, they can reliably trigger an application crash, leading to denial of service and disruption of Frigate's functionality.
Advisories and related resources, including an archived Frigate website, an Exploit-DB entry (48613), and a VulnCheck advisory on the Frigate denial of service, provide further details on the issue.
A proof-of-concept exploit is documented on Exploit-DB, demonstrating practical exploitability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30939
Vulnerability details
Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Direct remote exploitation of CLI input handling flaw (CWE-770) to crash the application, matching Application or System Exploitation for Endpoint DoS.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly requires validation of input size and format on the CLI field, so that oversized payloads are rejected before they cause resource exhaustion and an application crash.
- SC-5 (Denial-of-service Protection): provides denial-of-service protection mechanisms that can limit or throttle excessive resource allocation triggered by malformed CLI input.
- Ensures the application handles erroneous or oversized input gracefully without terminating the entire process.
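The SI-10 control above, as an added C example that is not Frigate's code and not from this advisory: a command line is length-checked before anything is allocated or copied for it, so an oversized paste produces an error code instead of a crash. The 1024-byte cap, the function names and the repeated-character test payload are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size limit for one CLI command line (hypothetical, not Frigate's). */
#define CLI_MAX_LEN 1024u

enum cli_status { CLI_OK = 0, CLI_EMPTY = 1, CLI_TOO_LONG = 2 };

/* Validate the length of a submitted command line before any resource is
 * allocated for it. Input longer than CLI_MAX_LEN is rejected as a whole
 * (not truncated, not copied), so an oversized paste yields an error code
 * rather than a crash. `out` must have room for CLI_MAX_LEN + 1 bytes. */
enum cli_status cli_accept_line(const char *input, size_t input_len,
                                char *out, size_t out_size)
{
    if (out == NULL || out_size < CLI_MAX_LEN + 1)
        return CLI_TOO_LONG;              /* refuse rather than overrun */
    out[0] = '\0';
    if (input_len == 0)
        return CLI_EMPTY;
    if (input_len > CLI_MAX_LEN)
        return CLI_TOO_LONG;              /* the oversized-payload case */
    memcpy(out, input, input_len);
    out[input_len] = '\0';
    return CLI_OK;
}

/* Build a constructed test payload of `n` repeated characters, like the
 * 8000-character paste described in the advisory, and report how the
 * length check treats it. */
enum cli_status cli_status_for_repeated(char c, size_t n)
{
    char out[CLI_MAX_LEN + 1];
    char *payload = malloc(n ? n : 1);
    if (payload == NULL)
        return CLI_TOO_LONG;              /* treat allocation failure as a reject */
    memset(payload, (unsigned char)c, n);
    enum cli_status st = cli_accept_line(payload, n, out, sizeof out);
    free(payload);
    return st;
}

int main(void)
{
    static const char *names[] = { "OK", "EMPTY", "TOO_LONG" };
    printf("12 chars   -> %s\n", names[cli_status_for_repeated('A', 12)]);
    printf("8000 chars -> %s\n", names[cli_status_for_repeated('A', 8000)]);
    return 0;
}
```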