Cyber Resilience

CVE-2020-37124

HighPublic PoC

Published: 05 February 2026

Published
05 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0035 27.1th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2020-37124 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in 4Mhz (inferred from references). Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-37124 is a buffer overflow vulnerability (CWE-121) affecting B64dec version 1.1.2. The flaw occurs during the base64 decoding process, where crafted input overwrites the Structured Exception Handler (SEH), enabling attackers to leverage an egg hunter technique and a carefully constructed payload to execute arbitrary code.

The vulnerability is exploitable by remote attackers over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and resulting in unchanged scope (S:U) with high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as scored at 9.8 under CVSS v3.1. Successful exploitation allows arbitrary code execution on the target system processing the malicious base64 input.

Advisories and references include the B64dec homepage at http://4mhz.de/b64dec.html, a proof-of-concept exploit published on Exploit-DB at https://www.exploit-db.com/exploits/48317, and a VulnCheck advisory detailing the buffer overflow and SEH overwrite with egg hunter at https://www.vulncheck.com/advisories/bdec-buffer-overflow-seh-overflow-egg-hunter. No patches or specific mitigations are mentioned in the available information.

EU & UK References

Vulnerability details

B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg hunter technique and carefully constructed payload to inject and execute malicious code…

more

during base64 decoding process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote buffer overflow with SEH overwrite directly enables unauthenticated RCE against a network-exposed decoder utility (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-38422Shared CWE-121
CVE-2025-11783Shared CWE-121
CVE-2025-54491Shared CWE-121
CVE-2024-39359Shared CWE-121
CVE-2026-42469Shared CWE-121
CVE-2020-37159Shared CWE-121
CVE-2024-39603Shared CWE-121
CVE-2024-36258Shared CWE-121
CVE-2024-51138Shared CWE-121
CVE-2025-69763Shared CWE-121

Affected Assets

4Mhz
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements memory protections like non-executable stacks, ASLR, and stack canaries to block arbitrary code execution via SEH overwrite and egg hunter techniques in buffer overflows.

prevent

Validates base64 decoding inputs to reject crafted payloads that trigger the buffer overflow vulnerability during the decoding process.

prevent

Requires identification, reporting, and remediation of flaws like CVE-2020-37124 through patching, updating, or replacing the vulnerable B64dec 1.1.2 software.

References