CVE-2020-37182
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
AnalysisAI
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. [CVSS 7.5 HIGH]
Technical ContextAI
Classified as CWE-121 (Stack-based Buffer Overflow). Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
Affected ProductsAI
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today