CVE-2020-37197

7.5 HIGH

📋 TL;DR

CVE-2020-37197 is a buffer overflow vulnerability in Dnss Domain Name Search Software that allows attackers to cause denial of service by crashing the application. Attackers can exploit this by sending overly long input to the 'Name' field during registration. This affects all users running vulnerable versions of the software.

💻 Affected Systems

Products:
  • Dnss Domain Name Search Software
Versions: All versions prior to patched release
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the registration functionality which is typically accessible to users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete application crash leading to service disruption, potentially affecting domain name search functionality for all users.

🟠 Likely Case

Application crashes when malicious input is received, requiring manual restart and causing temporary service interruption.

🟢 If Mitigated

With input validation controls, the attack would be blocked before reaching the vulnerable code.

🌐 Internet-Facing: HIGH - The vulnerability can be exploited remotely without authentication via the registration interface.
🏢 Internal Only: MEDIUM - Internal users could also exploit this, but external attackers pose greater risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor website for latest version

Vendor Advisory: http://www.nsauditor.com/

Restart Required: Yes

Instructions:

1. Visit http://www.nsauditor.com/
2. Download latest version of Dnss Domain Name Search Software
3. Install the update
4. Restart the application

🔧 Temporary Workarounds

Input Validation Filter

Implement input validation to restrict 'Name' field length to reasonable limits

Implement input validation in application code:

    if len(name_input) > 100: reject_input()

Network Filtering

Block or monitor traffic containing suspiciously long registration requests

🧯 If You Can't Patch

  • Disable registration functionality if not required
  • Implement web application firewall (WAF) rules to block requests with overly long 'Name' parameters

🔍 How to Verify

Check if Vulnerable:

Test by entering a 1000+ character string in the registration name field and observe whether the application crashes.

Check Version:

Check Help > About in the application interface

Verify Fix Applied:

Repeat the same buffer overflow test after patching; the application should handle the input gracefully.

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs
  • Error messages related to buffer overflow or memory access violations
  • Unusually long input strings in registration logs

Network Indicators:

  • HTTP POST requests with 'Name' parameter exceeding normal length (1000+ characters)
  • Multiple rapid registration attempts

SIEM Query:

source="application_logs" AND ("buffer overflow" OR "access violation" OR "crash") AND process="dnss.exe"
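
The network indicators above expressed as detection logic, as an added example that is not from the vendor or from this advisory's sources: it flags registration POSTs whose decoded 'Name' value exceeds 1000 characters and bursts of registration attempts from one source. The record layout, the `/register` path, the `Key` field and the burst thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict, deque
from urllib.parse import parse_qs

NAME_ALERT_LEN = 1000        # length threshold from the network indicators
REGISTER_PATH = "/register"  # hypothetical path, adjust to your deployment
BURST_COUNT = 5              # assumed: this many attempts per source...
BURST_WINDOW = 10.0          # ...within this many seconds counts as rapid

def scan(records):
    """records: (epoch_seconds, src_ip, method, path, body) tuples in time order.
    Returns a list of (epoch_seconds, src_ip, reason) findings."""
    findings = []
    recent = defaultdict(deque)  # src_ip -> timestamps of recent attempts
    for ts, src, method, path, body in records:
        if method != "POST" or path != REGISTER_PATH:
            continue
        # parse_qs percent-decodes, so length is measured on the decoded value
        for key, values in parse_qs(body, keep_blank_values=True).items():
            if key.lower() != "name":
                continue
            for value in values:
                if len(value) > NAME_ALERT_LEN:
                    findings.append((ts, src, f"long-name:{len(value)}"))
        window = recent[src]
        window.append(ts)
        while ts - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) == BURST_COUNT:  # alert once when the burst is reached
            findings.append((ts, src, "rapid-registration"))
    return findings

# Constructed sample records (documentation IP range), not real traffic.
SAMPLE = [
    (100.0, "192.0.2.10", "POST", "/register", "Name=Alice&Key=ABCD-1234"),
    (101.0, "192.0.2.20", "POST", "/register", "Name=" + "A" * 1500 + "&Key=x"),
    (102.0, "192.0.2.20", "POST", "/register", "name=" + "%41" * 1001),
    (103.0, "192.0.2.10", "GET", "/register", ""),
] + [(110.0 + i, "192.0.2.30", "POST", "/register", "Name=bot") for i in range(6)]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Measuring the decoded value matters: the third sample record is 3003 bytes on the wire but 1001 characters once percent-decoded, and a filter that only compares raw lengths would set its threshold against the wrong number.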
