CVE-2020-37130
Published: 05 February 2026
Summary
CVE-2020-37130 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Nsauditor. Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 10.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2020-37130 is a denial of service vulnerability in Nsauditor 3.2.0.0, specifically affecting the registration name input field. Attackers can trigger an application crash by pasting a malicious payload of 1000 bytes of repeated characters into this field. The flaw is associated with CWE-120 and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with no confidentiality or integrity effects.
Any unauthenticated attacker (PR:N) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction required (UI:N). Exploitation leads to a complete denial of service by crashing the Nsauditor application, disrupting its functionality for the targeted user.
References for this CVE include the vendor site at http://www.nsauditor.com, a proof-of-concept exploit at https://www.exploit-db.com/exploits/48286, and an advisory from VulnCheck at https://www.vulncheck.com/advisories/nsauditor-name-denial-of-service. No specific patch or mitigation details are provided in the available information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31026
Vulnerability details
Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of 1000 bytes of repeated characters to trigger an application crash when pasted into the registration name field.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in input field directly enables remote application crash (CWE-120), mapping to Endpoint DoS via exploitation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-10 directly prevents crashes by requiring validation of inputs like the registration name field against oversized payloads such as 1000 bytes of repeated characters.
SI-2 mandates timely flaw remediation to patch the buffer overflow vulnerability in Nsauditor's registration name input handling.
SC-5 limits the effects of denial-of-service events like application crashes triggered by malicious inputs over the network.