CVE-2020-37182

HIGH

Redir 3.3 - Denial of Service via Stack Overflow in doproxyconnect()

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37182. PoCs published by hieubl.

AI-analyzed exploit summary This exploit demonstrates a stack-based buffer overflow in the `doproxyconnect` function of Redir 3.3, leading to a denial-of-service (DoS) condition. The PoC uses a long string to overflow the buffer, causing a segmentation fault.

Description

Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.

Exploits (1)

exploitdb WORKING POC
by hieubl · textdoslinux
https://www.exploit-db.com/exploits/47919

This exploit demonstrates a stack-based buffer overflow in the `doproxyconnect` function of Redir 3.3, leading to a denial-of-service (DoS) condition. The PoC uses a long string to overflow the buffer, causing a segmentation fault.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Redir 3.3
No auth needed
Prerequisites: Redir 3.3 installed and running · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47919
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/redir-denial-of-service

Scores

CVSS v3 7.5
EPSS 0.0048
EPSS Percentile 37.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-121
Status published
Products (1)
troglobit/Redir 3.3
Published Feb 11, 2026
Tracked Since Feb 18, 2026