CVE-2020-37180
Published: 11 February 2026
Summary
CVE-2020-37180 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsauditor (inferred from references). Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 10.0th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-9 (Information Input Restrictions).
Deeper analysis
CVE-2020-37180 is a denial-of-service vulnerability in GTalk Password Finder version 2.2.1, stemming from CWE-120 (buffer copy without checking size of input). The flaw allows attackers to crash the application by supplying an oversized registration key, such as a 1000-character payload pasted into the 'Key' field. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high severity with network accessibility, low complexity, and no privileges required.
Any unauthenticated attacker can exploit this vulnerability by generating and delivering the oversized payload to a target system running the affected software. Successful exploitation results in an application crash, denying service to legitimate users of GTalk Password Finder.
Advisories and related resources, including a proof-of-concept on Exploit-DB (exploit 47942) and a VulnCheck advisory, detail the issue, but the available references give no specific information on patches or mitigations. Practitioners should avoid using this outdated software and monitor for updates from the vendor site at nsauditor.com.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31132
Vulnerability details
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in desktop app registration field directly enables application crash via exploitation, matching T1499.004 Endpoint Denial of Service (Application or System Exploitation).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly prevents the buffer overflow DoS by validating the size and integrity of oversized registration key inputs before processing.
Enforces length restrictions on the 'Key' field input to block 1000-character payloads that trigger the application crash.
Limits the impact and effects of the denial-of-service crash caused by oversized inputs, potentially with automatic restarts.