CVE-2020-37010

Published: Jan 29, 2026Modified: Jan 29, 2026

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: disclosure@vulncheck.com (Secondary)

Description

BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to overwrite the EIP register and execute shellcode by pasting malicious content into the search keywords field.

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (5)

http://www.bearshareofficial.com/

Source: disclosure@vulncheck.com

http://www.oldversion.com.de/windows/bearshare-lite-5-2-5

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/48839

Source: disclosure@vulncheck.com

https://www.vulncheck.com/advisories/bearshare-lite-advanced-searchbuffer-overflow-in-poc

Source: disclosure@vulncheck.com

https://www.exploit-db.com/exploits/48839

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Timeline

No history available yet.