CVE-2020-37213
Published: 11 February 2026
Summary
CVE-2020-37213 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Co (inferred from references). Its CVSS base score is 6.7 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 13.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2020-37213 is a denial of service vulnerability in TextCrawler Pro 3.1.1, caused by a buffer overflow (CWE-120) in the license key field. The issue allows an oversized buffer to crash the application when processed during activation. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with network accessibility, low attack complexity, and no requirements for privileges or user interaction.
Any remote attacker can exploit this vulnerability without authentication by generating and pasting a 6000-byte payload into the license activation field, triggering an immediate application crash and denying service to the user.
Advisories and related resources include the vendor site at https://www.digitalvolcano.co.uk/index.html, a proof-of-concept exploit at https://www.exploit-db.com/exploits/47862, and a VulnCheck advisory at https://www.vulncheck.com/advisories/textcrawler-pro-denial-of-service. No patch or specific mitigation details are given in the provided information.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-31173
Vulnerability details
TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Buffer overflow in application license field directly enables application crash via crafted input, matching Endpoint DoS via software exploitation.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires validation of license key inputs to reject oversized buffers exceeding defined limits, directly preventing the buffer overflow that crashes the application.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow vulnerabilities like CWE-120 in the license key field from causing crashes.
Provides denial-of-service protections to limit the impact of oversized input payloads targeting the license activation field and causing application crashes.