Cyber Resilience

CVE-2020-37180

MediumPublic PoC

Published: 11 February 2026

Published
11 February 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v4 4.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0003 10.0th percentile
Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37180 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsauditor (inferred from references). Its CVSS base score is 4.6 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 10.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).

Deeper analysis

CVE-2020-37180 is a denial-of-service vulnerability in GTalk Password Finder version 2.2.1, stemming from CWE-120 (buffer copy without checking size of input). The flaw allows attackers to crash the application by supplying an oversized registration key, such as a 1000-character payload pasted into the 'Key' field. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity with network accessibility, low complexity, and no privileges required.

Any unauthenticated attacker can exploit this vulnerability by generating and delivering the oversized payload to a target system running the affected software. Successful exploitation results in an application crash, denying service to legitimate users of GTalk Password Finder.

Advisories and related resources, including a proof-of-concept on Exploit-DB (exploit 47942) and a Vulncheck advisory, detail the issue but provide no specific information on patches or mitigations in the available references. Practitioners should avoid using this outdated software and monitor for updates from the vendor site at nsauditor.com.

EU & UK References

Vulnerability details

GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application…

more

crash.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Buffer overflow in desktop app registration field directly enables application crash via exploitation, matching T1499.004 Endpoint Denial of Service (Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20115Shared CWE-120
CVE-2020-37205Shared CWE-120
CVE-2026-28875Shared CWE-120
CVE-2020-37194Shared CWE-120
CVE-2024-24419Shared CWE-120
CVE-2019-25353Shared CWE-120
CVE-2026-30075Shared CWE-120
CVE-2020-37213Shared CWE-120
CVE-2021-47798Shared CWE-120
CVE-2020-37215Shared CWE-120

Affected Assets

Nsauditor
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents the buffer overflow DoS by validating the size and integrity of oversized registration key inputs before processing.

prevent

Enforces length restrictions on the 'Key' field input to block 1000-character payloads that trigger the application crash.

preventrecover

Limits the impact and effects of the denial-of-service crash caused by oversized inputs, potentially with automatic restarts.

References