CVE-2020-37182
Published: 11 February 2026
Summary
CVE-2020-37182 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-37182 is a stack-based buffer overflow vulnerability (CWE-121) affecting Redir version 3.3 in the doproxyconnect() function. The flaw stems from the use of sprintf() without proper length checking on oversized input, enabling memory overwrite that leads to a segmentation fault and application crash.
The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating it is exploitable remotely over the network by unauthenticated attackers with low complexity and no user interaction. Exploitation causes a denial of service through program termination.
Advisories and related resources include a denial-of-service advisory from Vulncheck at https://www.vulncheck.com/advisories/redir-denial-of-service, a proof-of-concept exploit at https://www.exploit-db.com/exploits/47919, and the project's GitHub repository at https://github.com/troglobit/redir.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31129
Vulnerability details
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault,…
more
resulting in program termination.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated buffer overflow in public-facing Redir proxy tool directly enables application crash via exploitation (T1190 for public app DoS vector; T1499.004 for endpoint DoS through software exploitation).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents the stack overflow by requiring validation of oversized input before processing in the doproxyconnect() function.
Implements memory safeguards like stack canaries to detect and prevent unauthorized memory overwrites from the sprintf() buffer overflow.
Ensures timely remediation and patching of the known buffer overflow flaw in Redir 3.3 to eliminate the vulnerability.