CVE-2020-37049
Published: 30 January 2026
Summary
CVE-2020-37049 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-37049 is a local buffer overflow vulnerability (CWE-120) in Frigate version 3.36.0.9, specifically affecting the Command Line input field. This flaw enables attackers to execute arbitrary code by crafting a malicious payload that overflows the buffer. The vulnerability has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H).
Local attackers can exploit this vulnerability with low complexity and no privileges or user interaction required. By providing a specially crafted input sequence, they can overflow the buffer, bypass DEP, and achieve arbitrary code execution, such as launching calc.exe.
Advisories and related resources include a Vulncheck advisory detailing the Frigate command line local buffer overflow, an Exploit-DB entry (48563) with exploit code, and an archived Frigate website.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-30932
Vulnerability details
Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through…
more
a specially crafted input sequence.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local buffer overflow in command-line input directly enables arbitrary code execution without privileges, mapping to exploitation for privilege escalation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of command line inputs to prevent buffer overflows from specially crafted payloads.
Implements memory protections like DEP and stack canaries to mitigate exploitation of buffer overflows even if bypass attempts are made.
Mandates timely remediation of known flaws like this buffer overflow vulnerability through patching Frigate to a non-vulnerable version.