CVE-2020-37197

MEDIUM EPSS 40.4%
Published Feb 11, 20264mo ago · Modified Feb 26, 20264mo ago
4.6 CVSS 4.0
Medium
Find Similar
Published Feb 11, 2026 4mo ago
Last Modified Feb 26, 2026 4mo ago

Description

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.

CVSS Details

Base Score
4.6
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction A
Scope X

Threat Intelligence

EPSS Exploit Probability
40.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-120

Affected Products 1

VendorProductVersionRange
nsasoftdomain_name_search_software*any

References 3

  • nsauditor.com http://www.nsauditor.com/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/47861
    ExploitVDB Entry
  • vulncheck.com https://www.vulncheck.com/advisories/dnss-domain-name-search-software-name-denial-of-service
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.