CVE-2020-37197
Published: 11 February 2026
Summary
CVE-2020-37197 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Nsasoft Domain Name Search Software. Its CVSS base score is 4.6 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 2.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-37197 is a denial-of-service vulnerability in Dnss Domain Name Search Software, stemming from a buffer overflow in the 'Name' input field. Attackers can overflow this field, specifically the registration name field, by submitting a 1000-character payload, causing the application to crash. The vulnerability is classified under CWE-120 (Buffer Copy without Checking Size of Input) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impact.
Remote attackers require no privileges or user interaction to exploit this issue over the network with low complexity. By generating and pasting a 1000-character buffer payload into the registration name field, they can reliably trigger an application crash, resulting in a denial of service that disrupts the software's functionality.
Advisories and related resources, including those from Vulncheck and an Exploit-DB proof-of-concept at https://www.exploit-db.com/exploits/47861, document the vulnerability but do not specify patches or detailed mitigation steps in the available information. Security practitioners should review the references at http://www.nsauditor.com/ and https://www.vulncheck.com/advisories/dnss-domain-name-search-software-name-denial-of-service for any updates on remediation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31191
Vulnerability details
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to…
more
trigger an application crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-accessible input field directly enables remote application crash via exploitation, mapping to Endpoint DoS subtechnique.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of input size and format on the registration name field, blocking the 1000-character buffer overflow that triggers the crash.
Enforces memory protections that can contain or prevent exploitation of the unchecked buffer copy (CWE-120) in the Name field.
Requires timely remediation of the identified buffer-overflow flaw in Dnss software before attackers can submit the malicious payload.