CVE-2020-37197

HighPublic PoC

Published: 11 February 2026

Published

11 February 2026

Modified

26 February 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0001 2.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-37197 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Domain Name Search Software. Its CVSS base score is 7.5 (High).

Operationally, ranked at the 2.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

SC-27 Platform-independent Applications

addresses: CWE-120

Platform-independent managed code eliminates the need for unchecked native buffer copies that are the root cause of classic buffer overflows.

NVD Description

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to…

trigger an application crash.

Deeper analysisAI

CVE-2020-37197 is a denial-of-service vulnerability in Dnss Domain Name Search Software, stemming from a buffer overflow in the 'Name' input field. Attackers can overflow this field, specifically the registration name field, by submitting a 1000-character payload, causing the application to crash. The vulnerability is classified under CWE-120 (Buffer Copy without Checking Size of Input) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.

Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By generating and pasting a 1000-character buffer payload into the registration name field, they can reliably trigger an application crash, resulting in a denial of service that disrupts the software's functionality.

Advisories and related resources, including those from Vulncheck and an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/47861, document the vulnerability but do not specify patches or detailed mitigation steps in the available information. Security practitioners should review the references at http://www.nsauditor.com/ and https://www.vulncheck.com/advisories/dnss-domain-name-search-software-name-denial-of-service for any updates on remediation.

Details

CWE(s): CWE-120

Affected Products

nsasoft

domain name search software

all versions

CVEs Like This One

CVE-2020-37196Same product: Nsasoft Domain Name Search Software

CVE-2020-37207Same vendor: Nsasoft

CVE-2020-37130Same vendor: Nsasoft

CVE-2020-37212Same vendor: Nsasoft

CVE-2021-47814Same vendor: Nsasoft

CVE-2020-37201Same vendor: Nsasoft

CVE-2020-37206Same vendor: Nsasoft

CVE-2020-37199Same vendor: Nsasoft

CVE-2020-37211Same vendor: Nsasoft

CVE-2021-47815Same vendor: Nsasoft

References

http://www.nsauditor.com/
Product · disclosure@vulncheck.com
https://www.exploit-db.com/exploits/47861
Exploit, VDB Entry · disclosure@vulncheck.com
https://www.vulncheck.com/advisories/dnss-domain-name-search-software-name-denial-of-service
Third Party Advisory · disclosure@vulncheck.com