Cyber Resilience

CVE-2020-37039

Severity: Medium · Public PoC available

Published: 30 January 2026
Modified: 15 April 2026
KEV added: not listed
CVSS v4 score: 4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0003 (8.3th percentile)
Risk priority: 9 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2020-37039 is a medium-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability. Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The vulnerability is ranked at the 8.3th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2020-37039 is a denial of service vulnerability in Frigate version 2.02. The issue resides in the command line interface component, where attackers can crash the application by sending oversized input, such as a payload consisting of 8000 repeated characters pasted into the CLI field. Classified under CWE-770, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), emphasizing its network accessibility and high impact on availability. Note that the CVSS v4 vector recorded above (AV:L, UI:A) instead models local access with user interaction, so the two scores on this page disagree about how the payload reaches the CLI field.

Remote attackers require no privileges, authentication, or user interaction to exploit this vulnerability. By generating and submitting the specified oversized payload to the CLI, they can reliably trigger an application crash, leading to denial of service and disruption of Frigate's functionality.

Advisories and related resources, including an archived Frigate website, an Exploit-DB entry (48613), and a VulnCheck advisory on the Frigate denial of service, provide further details on the issue.

A proof-of-concept exploit is documented on Exploit-DB, demonstrating practical exploitability.


Vulnerability details

Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 8000 repeated characters and paste it into the application's command line field to trigger an application crash.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

Direct remote exploitation of a CLI input-handling flaw (CWE-770) to crash the application matches Application or System Exploitation under Endpoint Denial of Service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2021-47877 (shared CWE-770)
- CVE-2026-3260 (shared CWE-770)
- CVE-2025-66560 (shared CWE-770)
- CVE-2025-68136 (shared CWE-770)
- CVE-2020-37038 (shared CWE-770)
- CVE-2025-36070 (shared CWE-770)
- CVE-2021-47791 (shared CWE-770)
- CVE-2021-47876 (shared CWE-770)
- CVE-2019-25342 (shared CWE-770)
- CVE-2026-44004 (shared CWE-770)

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- Prevent (SI-10, Information Input Validation): directly requires validation of input size and format on the CLI field so that oversized payloads are rejected before they cause resource exhaustion and an application crash.
- Prevent (SC-5, Denial-of-service Protection): provides denial-of-service protection mechanisms that can limit or throttle the excessive resource allocation triggered by malformed CLI input.
- Prevent: ensures the application handles erroneous or oversized input gracefully without terminating the entire process.
