CVE-2019-25478
Received Received - Intake
Buffer Overflow in GetGo Download Manager Causes DoS

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2019-25478
EUVD
EUVD-2019-19758
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
getgo download_manager 6.2.2.3300
getgo getgo_download_manager to 6.2.2.3300 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25478 is a buffer overflow vulnerability in GetGo Download Manager version 6.2.2.3300 and earlier. It occurs because the software improperly handles HTTP response headers. An attacker can send HTTP responses with excessively long header values, causing an out-of-bounds write that leads to a buffer overflow.

This buffer overflow results in a denial of service (DoS) condition by crashing the application and making it unavailable.

Impact Analysis

This vulnerability can be exploited remotely without any authentication or user interaction.

An attacker can cause the GetGo Download Manager application to crash by sending malicious HTTP responses with oversized headers, resulting in a denial of service (DoS). This makes the application unavailable to the user.

The impact is high on availability, meaning the software cannot function properly while under attack.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by monitoring for HTTP responses with excessively long header values that may cause the GetGo Download Manager to crash.

A practical detection method involves simulating or capturing HTTP responses with very long headers to see if the application becomes unresponsive or crashes.

For example, using a Python script to bind a socket to port 80 and send an HTTP response with a very long header or status line (e.g., 6000 characters) can test if the vulnerability is present.

Network monitoring tools can also be used to detect unusually large HTTP header sizes in traffic to the affected application.

Mitigation Strategies

Immediate mitigation steps include avoiding exposure of the GetGo Download Manager to untrusted networks where malicious HTTP responses with oversized headers could be received.

If possible, restrict or block incoming HTTP responses from untrusted sources or use network-level filtering to limit unusually large HTTP headers.

Monitor for application crashes and consider disabling or uninstalling the vulnerable version (6.2.2.3300 or earlier) until a patch or update is available.

Implement network intrusion detection systems (IDS) or web application firewalls (WAF) that can detect and block HTTP responses with abnormally large headers.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25478. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart