CVE-2020-37196 Nsasoft CVE debrief

Who should care

Security teams and administrators responsible for Dnss Domain Name Search Software should be aware of this vulnerability. They should assess their exposure and apply necessary mitigations to prevent denial of service attacks. This vulnerability can be exploited by attackers to crash the application, potentially disrupting service.

Technical summary

CVE-2020-37196 is a denial of service vulnerability in Dnss Domain Name Search Software. The vulnerability allows an attacker to crash the application by providing an oversized registration key. A 1000-character buffer payload can be used to trigger the crash. The vulnerability has a CVSS score of 4.6 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

Apply patches or updates provided by the vendor to fix the vulnerability. Limit access to the registration key field to prevent unauthorized modifications.

Recommended defensive actions

• Apply patches or updates provided by Nsasoft to fix the vulnerability.
• Limit access to the registration key field to prevent unauthorized modifications.
• Monitor the application for unusual activity, such as repeated crashes.
• Consider implementing additional security controls, such as input validation and error handling.
• Review and update incident response plans to address potential denial of service attacks.

Evidence notes

The CVE-2020-37196 vulnerability was published on 2026-02-11T21:16:14.127Z and last modified on 2026-06-29T18:29:43.417Z. The vulnerability has a CVSS score of 4.6 and a severity of MEDIUM. The CVSS vector is CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Official resources