Cyber Resilience

CVE-2020-37213

Medium · Public PoC

Published: 11 February 2026

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v4: 6.7 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0004 (13.1th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-37213 is a medium-severity Classic Buffer Overflow (CWE-120) vulnerability in Co (inferred from references). Its CVSS base score is 6.7 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 13.1th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2020-37213 is a denial-of-service vulnerability in TextCrawler Pro 3.1.1, caused by a buffer overflow (CWE-120) in the license key field. An oversized input in that field crashes the application when it is processed during activation. The record also carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high availability impact with network accessibility, low attack complexity, and no requirements for privileges or user interaction. The CVSS v4 vector listed above differs on two of these points: it rates the attack vector as local and requires active user interaction (AV:L, UI:A).

Any remote attacker can exploit this vulnerability without authentication by generating and pasting a 6000-byte payload into the license activation field, triggering an immediate application crash and denying service to the user.

Advisories and related resources include the vendor site at https://www.digitalvolcano.co.uk/index.html, a proof-of-concept exploit at https://www.exploit-db.com/exploits/47862, and a VulnCheck advisory at https://www.vulncheck.com/advisories/textcrawler-pro-denial-of-service. No patch or specific mitigation details are given in the provided information.

Vulnerability details

TextCrawler Pro 3.1.1 contains a denial of service vulnerability that allows attackers to crash the application by sending an oversized buffer in the license key field. Attackers can generate a 6000-byte payload and paste it into the activation field to trigger an application crash.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The buffer overflow in the application's license field directly enables an application crash via crafted input, matching Endpoint DoS via software exploitation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20115 (shared CWE-120)
CVE-2020-37205 (shared CWE-120)
CVE-2026-28875 (shared CWE-120)
CVE-2020-37194 (shared CWE-120)
CVE-2020-37180 (shared CWE-120)
CVE-2024-24419 (shared CWE-120)
CVE-2019-25353 (shared CWE-120)
CVE-2026-30075 (shared CWE-120)
CVE-2021-47798 (shared CWE-120)
CVE-2020-37215 (shared CWE-120)

Affected Assets

Co
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Requires validation of license key inputs to reject oversized buffers exceeding defined limits, directly preventing the buffer overflow that crashes the application.

prevent

Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow vulnerabilities like CWE-120 in the license key field from causing crashes.

prevent

Provides denial-of-service protections to limit the impact of oversized input payloads targeting the license activation field and causing application crashes.