📧 info@ciso.sa | 📱 +966550939344 | Riyadh, Kingdom of Saudi Arabia
About FAQ Contact Us Terms of Service Privacy Policy 🌐 العربية
🔐

Welcome — Sign in or create an account for full access.

🔑 Sign In ✨ Register
🌐 العربية Sign In Create Account
🔧 Scheduled Maintenance — Saturday 2:00-4:00 AM AST. Some features may be temporarily unavailable.    ●   
💎
Pro Plan 50% Off Unlock all AI features, unlimited reports, and priority support. Upgrade
Search Center
ESC to close
navigate open Ctrl+K search
CISO Consulting
Global vulnerability Enterprise Software / Data Analytics CRITICAL 42m Global vulnerability Artificial Intelligence and Technology HIGH 4h Global general Technology and Artificial Intelligence MEDIUM 7h Global general Technology and Artificial Intelligence HIGH 8h Global vulnerability Higher Education CRITICAL 17h Global data_breach Government HIGH 18h Global supply_chain Software Development and Open Source Communities CRITICAL 18h Global malware Software Development CRITICAL 18h Global phishing Multiple Sectors HIGH 19h Global vulnerability Web Applications CRITICAL 19h Global vulnerability Enterprise Software / Data Analytics CRITICAL 42m Global vulnerability Artificial Intelligence and Technology HIGH 4h Global general Technology and Artificial Intelligence MEDIUM 7h Global general Technology and Artificial Intelligence HIGH 8h Global vulnerability Higher Education CRITICAL 17h Global data_breach Government HIGH 18h Global supply_chain Software Development and Open Source Communities CRITICAL 18h Global malware Software Development CRITICAL 18h Global phishing Multiple Sectors HIGH 19h Global vulnerability Web Applications CRITICAL 19h Global vulnerability Enterprise Software / Data Analytics CRITICAL 42m Global vulnerability Artificial Intelligence and Technology HIGH 4h Global general Technology and Artificial Intelligence MEDIUM 7h Global general Technology and Artificial Intelligence HIGH 8h Global vulnerability Higher Education CRITICAL 17h Global data_breach Government HIGH 18h Global supply_chain Software Development and Open Source Communities CRITICAL 18h Global malware Software Development CRITICAL 18h Global phishing Multiple Sectors HIGH 19h Global vulnerability Web Applications CRITICAL 19h
Vulnerabilities

CVE-2020-37196

High ⚡ Exploit Available
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-cha
CWE-120 — Weakness Type
Published: Feb 11, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
7.5
🔗 NVD Official
📄 Description (English)

Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.

🤖 AI Executive Summary

CVE-2020-37196 is a denial of service vulnerability in Dnss Domain Name Search Software that allows attackers to crash the application by submitting an oversized registration key (1000+ characters). With a CVSS score of 7.5 and publicly available exploits, this vulnerability poses a significant availability risk to organizations using this software. A patch is available and should be applied immediately to prevent service disruption.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 19:36
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability primarily impacts Saudi organizations in the telecommunications sector (STC, Mobily) and ISPs that may use Dnss Domain Name Search Software for DNS management and domain registration services. Government agencies (NCA, CITC) managing critical DNS infrastructure and financial institutions relying on domain name services for online banking platforms are also at risk. The denial of service capability could disrupt critical domain name resolution services, affecting business continuity and customer access to online services.
🏢 Affected Saudi Sectors
Telecommunications (STC, Mobily, Zain) Internet Service Providers Government (NCA, CITC) Banking and Financial Services Healthcare (MOH) Energy Sector
⚖️ Saudi Risk Score (AI)
7.2
/ 10.0
🔧 Remediation Steps (English)
1. IMMEDIATE ACTIONS:

   - Identify all systems running Dnss Domain Name Search Software in your environment

   - Implement network-level input validation to reject registration key submissions exceeding 256 characters

   - Restrict access to the registration key field to authorized administrators only

   - Monitor application logs for repeated failed registration attempts or oversized input submissions



2. PATCHING GUIDANCE:

   - Download and apply the latest patch from NSA Soft immediately

   - Test the patch in a non-production environment before deployment

   - Schedule patching during maintenance windows to minimize service disruption

   - Verify patch installation by checking application version and testing with oversized input



3. COMPENSATING CONTROLS (if patch unavailable):

   - Deploy Web Application Firewall (WAF) rules to block requests with registration keys exceeding safe length limits

   - Implement rate limiting on registration key submission endpoints

   - Use application-level input validation to truncate or reject oversized keys



4. DETECTION RULES:

   - Monitor for HTTP requests with registration key parameters exceeding 256 characters

   - Alert on application crash events correlated with registration key submissions

   - Track failed registration attempts with unusual input patterns

   - Log all registration key modifications for audit purposes
🔧 خطوات المعالجة (العربية)
1. الإجراءات الفورية:

   - تحديد جميع الأنظمة التي تقوم بتشغيل برنامج Dnss Domain Name Search Software في بيئتك

   - تطبيق التحقق من صحة المدخلات على مستوى الشبكة لرفض تقديمات مفتاح التسجيل التي تتجاوز 256 حرفاً

   - تقييد الوصول إلى حقل مفتاح التسجيل للمسؤولين المصرحين فقط

   - مراقبة سجلات التطبيق للمحاولات المتكررة الفاشلة أو تقديمات المدخلات المفرطة



2. إرشادات التصحيح:

   - تحميل وتطبيق أحدث تصحيح من NSA Soft فوراً

   - اختبار التصحيح في بيئة غير إنتاجية قبل النشر

   - جدولة التصحيح خلال نوافذ الصيانة لتقليل انقطاع الخدمة

   - التحقق من تثبيت التصحيح بفحص إصدار التطبيق واختباره بمدخلات مفرطة



3. الضوابط البديلة (إذا لم يتوفر التصحيح):

   - نشر قواعد جدار حماية تطبيقات الويب (WAF) لحجب الطلبات التي تحتوي على مفاتيح تسجيل تتجاوز حدود الطول الآمن

   - تطبيق تحديد معدل على نقاط نهاية تقديم مفتاح التسجيل

   - استخدام التحقق من صحة المدخلات على مستوى التطبيق لقطع أو رفض المفاتيح المفرطة



4. قواعد الكشف:

   - مراقبة طلبات HTTP مع معاملات مفتاح التسجيل التي تتجاوز 256 حرفاً

   - التنبيه على أحداث انهيار التطبيق المرتبطة بتقديمات مفتاح التسجيل

   - تتبع محاولات التسجيل الفاشلة مع أنماط مدخلات غير عادية

   - تسجيل جميع تعديلات مفتاح التسجيل لأغراض التدقيق
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Change management procedures ECC 2024 A.12.1.2 - Monitoring of system use
🔵 SAMA CSF
SAMA CSF ID.BE-1 - Asset management and inventory SAMA CSF PR.IP-3 - Configuration management SAMA CSF DE.CM-1 - System monitoring and anomaly detection
🟡 ISO 27001:2022
ISO 27001:2022 A.12.2.1 - Change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning
📦 Affected Products / CPE 1 entries
nsasoft:domain_name_search_software:-
📊 CVSS Score
7.5
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack VectorN — None / Network
Attack ComplexityL — Low / Local
Privileges RequiredN — None / Network
User InteractionN — None / Network
ScopeU — Unchanged
ConfidentialityN — None / Network
IntegrityN — None / Network
AvailabilityH — High
📋 Quick Facts
Severity High
CVSS Score7.5
CWECWE-120
EPSS0.04%
Exploit ✓ Yes
Patch ✓ Yes
Published 2026-02-11
Source Feed nvd
Views 5
🇸🇦 Saudi Risk Score
7.2
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
exploit-available CWE-120
⚡ Actions
🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details
Share this CVE
LinkedIn X / Twitter WhatsApp Telegram

💬 Comments

0
Loading comments
📣 Found this valuable?
Share it with your cybersecurity network
in LinkedIn 𝕏 X / Twitter 💬 WhatsApp ✈ Telegram
🍪 Privacy Preferences
CISO Consulting — Compliant with Saudi Personal Data Protection Law (PDPL)
We use cookies and similar technologies to provide the best experience on our platform. You can choose which types you accept.
🔒
Essential Always On
Required for the website to function properly. Cannot be disabled.
📋 Sessions, CSRF tokens, authentication, language preferences
📊
Analytics
Help us understand how visitors use the site and improve performance.
📋 Page views, session duration, traffic sources, performance metrics
⚙️
Functional
Enable enhanced features like content personalization and preferences.
📋 Dark/light theme, font size, custom dashboards, saved filters
📣
Marketing
Used to deliver content and ads relevant to your interests.
📋 Campaign tracking, retargeting, social media analytics
Privacy Policy →
CISO AI Assistant
Ask anything · Documents · Support
🔐

Introduce Yourself

Enter your details to access the full assistant

Your info is private and never shared
💬
CyberAssist
Online · responds in seconds
5 / 5
🔐 Verify Your Identity

Enter your email to receive a verification code before submitting a support request.

Enter to send · / for commands 0 / 2000
CISO AI · Powered by Anthropic Claude
✦ Quick Survey Help Us Improve CISO Consulting Your feedback shapes the future of our platform — takes less than 2 minutes.
⚠ Please answer this question to continue

How would you rate your overall experience with our platform?

Rate from 1 (poor) to 5 (excellent)

🎉
Thank you!
Your response has been recorded.