
Description

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

PUBLISHED Reserved 2026-02-10 | Published 2026-02-11 | Updated 2026-02-12 | Assigner VulnCheck




MEDIUM: 4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)
HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

1.2.6: affected

Credits

Ismail Tasdelen (finder)

References

www.exploit-db.com/exploits/47906 (ExploitDB-47906) exploit

www.nsauditor.com/ (Vendor Homepage) product

www.vulncheck.com/...ries/spotoutlook-name-denial-of-service (VulnCheck Advisory: SpotOutlook 1.2.6 - 'Name' Denial of Service) third-party-advisory

cve.org (CVE-2020-37188)

nvd.nist.gov (CVE-2020-37188)
