Cyber Posture

CVE-2020-37124

CriticalPublic PoC

Published: 05 February 2026

Published
05 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0008 22.9th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37124 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in 4Mhz (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 22.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-16 Memory Protection good match
prevent

Implements memory protections like non-executable stacks, ASLR, and stack canaries to block arbitrary code execution via SEH overwrite and egg hunter techniques in buffer overflows.

SI-10 Information Input Validation good match
prevent

Validates base64 decoding inputs to reject crafted payloads that trigger the buffer overflow vulnerability during the decoding process.

SI-2 Flaw Remediation good match
prevent

Requires identification, reporting, and remediation of flaws like CVE-2020-37124 through patching, updating, or replacing the vulnerable B64dec 1.1.2 software.

NVD Description

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code…

more

during base64 decoding process.

Deeper analysisAI

CVE-2020-37124 is a buffer overflow vulnerability (CWE-121) affecting B64dec version 1.1.2. The flaw occurs during the base64 decoding process, where crafted input overwrites the Structured Exception Handler (SEH), enabling attackers to leverage an egg hunter technique and a carefully constructed payload to execute arbitrary code.

The vulnerability is exploitable by remote attackers over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and resulting in unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at 9.8 under CVSS v3.1. Successful exploitation allows arbitrary code execution on the target system processing the malicious base64 input.

Advisories and references include the B64dec homepage at http://4mhz.de/b64dec.html, a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/48317, and a VulnCheck advisory detailing the buffer overflow and SEH overwrite with egg hunter at https://www.vulncheck.com/advisories/bdec-buffer-overflow-seh-overflow-egg-hunter. No patches or specific mitigations are mentioned in the available information.

Details

CWE(s)
CWE-121

Affected Products

4Mhz
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-70219Shared CWE-121
CVE-2026-29972Shared CWE-121
CVE-2025-60690Shared CWE-121
CVE-2026-4444Shared CWE-121
CVE-2025-61128Shared CWE-121
CVE-2019-25319Shared CWE-121
CVE-2026-22923Shared CWE-121
CVE-2025-69195Shared CWE-121
CVE-2026-22904Shared CWE-121
CVE-2024-43663Shared CWE-121

References