CVE-2020-36995 | THREATINT

Description

Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User' field with 350 bytes of repeated characters to trigger an application crash and prevent normal functionality.

PUBLISHED Reserved 2026-01-27 | Published 2026-01-29 | Updated 2026-01-29 | Assigner VulnCheck

NONE: 0.0CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

4.2

affected

Credits

Luis Martinez finder

References

www.exploit-db.com/exploits/48728 (ExploitDB-48728) exploit

apps.apple.com/us/app/telnet-lite/id286893976 (Official App Store Page for Mocha Telnet Lite) product

www.vulncheck.com/...net-lite-for-ios-user-denial-of-service (VulnCheck Advisory: Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service) third-party-advisory

cve.org (CVE-2020-36995)

nvd.nist.gov (CVE-2020-36995)

Download JSON