Cyber Resilience

CVE-2020-37066

High · Public PoC

Published: 03 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0035 (26.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2020-37066 is a high-severity stack-based buffer overflow (CWE-121) vulnerability in GoldWave (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002). The CVE ranks at the 26.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-37066 is a stack-based buffer overflow vulnerability (CWE-121) in GoldWave version 5.70, specifically within the File Open URL dialog. The flaw enables attackers to execute arbitrary code through malicious input, such as a specially crafted text file containing Unicode-encoded shellcode. When processed, this input triggers the overflow. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H), reflecting critical severity due to its network vector, low complexity, lack of required privileges or user interaction, and high impacts across confidentiality, integrity, and availability.

Attackers can exploit CVE-2020-37066 remotely without privileges by generating and distributing a malicious text file. A targeted user opening the file in GoldWave 5.70 triggers the stack-based overflow, allowing the attacker to execute arbitrary commands on the victim's system.

Advisories and related resources include a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/48510, the vendor site at https://www.goldwave.com/, and a VulnCheck advisory detailing the GoldWave buffer overflow with SEH and Unicode aspects at https://www.vulncheck.com/advisories/goldwave-buffer-overflow-seh-unicode. The CVE was published on 2026-02-03T22:16:21.440.

EU & UK References

Vulnerability details

GoldWave 5.70 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting malicious input in the File Open URL dialog. Attackers can generate a specially crafted text file with Unicode-encoded shellcode to trigger a stack-based overflow and execute commands when the file is opened.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Stack buffer overflow in client app enables arbitrary code execution triggered by opening a crafted malicious file (Unicode shellcode).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22923 · Shared CWE-121
CVE-2021-47881 · Shared CWE-121
CVE-2026-0660 · Shared CWE-121
CVE-2026-42468 · Shared CWE-121
CVE-2026-27267 · Shared CWE-121
CVE-2025-54483 · Shared CWE-121
CVE-2026-34690 · Shared CWE-121
CVE-2026-5654 · Shared CWE-121
CVE-2025-24075 · Shared CWE-121
CVE-2025-21128 · Shared CWE-121

Affected Assets

Goldwave
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the stack-based buffer overflow vulnerability in GoldWave 5.70 by requiring timely patching or replacement of the affected software version.

prevent

Mandates validation of inputs to the File Open URL dialog, preventing buffer overflows from maliciously crafted text files with Unicode-encoded shellcode.

prevent

Implements memory protections such as DEP, ASLR, and stack canaries to block arbitrary code execution even if the buffer overflow in GoldWave is triggered.
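One way to audit the memory-protection control above on an endpoint is to read the DllCharacteristics field of an installed executable and confirm that it opts into DEP and ASLR. The script below is an added example, not code from this page or from the vendor; the function names are hypothetical and the sample header is constructed for demonstration.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header (offset 70).
FLAGS = {
    "ASLR (DYNAMIC_BASE)": 0x0040,
    "DEP (NX_COMPAT)": 0x0100,
    "CFG (GUARD_CF)": 0x4000,
}
REQUIRED = ("ASLR (DYNAMIC_BASE)", "DEP (NX_COMPAT)")


def pe_mitigations(data: bytes) -> dict:
    """Return {mitigation name: enabled?} from a PE image's DllCharacteristics."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                          # skip signature + COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt_off + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):                    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", data, opt_off + 70)
    return {name: bool(dll_chars & bit) for name, bit in FLAGS.items()}


def missing_mitigations(data: bytes) -> list:
    """Names of the required opt-ins (DEP, ASLR) that the image lacks."""
    found = pe_mitigations(data)
    return sorted(name for name in REQUIRED if not found[name])


def build_sample(dll_chars: int) -> bytes:
    """Constructed minimal PE32 header for demonstration; not a real binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the constructed sample.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0)
    print("missing:", missing_mitigations(image) or "none")
```

Stack cookies (/GS) and SafeSEH are not recorded in this field, so a clean result here does not confirm them.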

References