CVE-2019-25478
Buffer Overflow in GetGo Download Manager Causes DoS
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| getgo | download_manager | 6.2.2.3300 |
| getgo | getgo_download_manager | to 6.2.2.3300 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25478 is a buffer overflow vulnerability in GetGo Download Manager version 6.2.2.3300 and earlier. It occurs because the software improperly handles HTTP response headers. An attacker can send HTTP responses with excessively long header values, causing an out-of-bounds write that leads to a buffer overflow.
This buffer overflow results in a denial of service (DoS) condition by crashing the application and making it unavailable.
How can this vulnerability impact me?
This vulnerability can be exploited remotely without any authentication or user interaction.
An attacker can cause the GetGo Download Manager application to crash by sending malicious HTTP responses with oversized headers, resulting in a denial of service (DoS). This makes the application unavailable to the user.
The impact is high on availability, meaning the software cannot function properly while under attack.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP responses with excessively long header values that may cause the GetGo Download Manager to crash.
A practical detection method involves simulating or capturing HTTP responses with very long headers to see if the application becomes unresponsive or crashes.
For example, using a Python script to bind a socket to port 80 and send an HTTP response with a very long header or status line (e.g., 6000 characters) can test if the vulnerability is present.
Network monitoring tools can also be used to detect unusually large HTTP header sizes in traffic to the affected application.
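The detection answer above amounts to a size check on the status line and header lines of HTTP responses reaching the client. The following is an added defender-side example, not code from this CVE record, from VulnCheck, or from the GetGo product: it parses raw response bytes (as captured from a proxy or pcap) and reports any status line, header line, or header block that exceeds a size budget. The thresholds, the function names, and the two sample captures are assumptions constructed for illustration; the 6000-byte header in the second sample mirrors the size mentioned in the answer.

```python
"""Flag HTTP responses whose status line or header lines exceed a size budget.

Hypothetical defender-side check (not from the CVE record): feed it raw
response bytes captured from a proxy or pcap and it reports which lines
would be oversized for a client such as GetGo Download Manager.
"""
from dataclasses import dataclass, field

# Thresholds are assumptions chosen for illustration; many clients and
# proxies cap individual header lines somewhere around 8 KiB.
MAX_LINE_LEN = 4096        # longest status/header line treated as normal
MAX_HEADER_BLOCK = 16384   # total size of status line plus all header lines


@dataclass
class HeaderReport:
    status_line_len: int
    header_block_len: int
    longest_header: str            # name of the longest header line (or "")
    longest_header_len: int
    findings: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.findings)


def split_head(raw: bytes) -> bytes:
    """Return status line + headers without the body, tolerating LF-only endings."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        head, found, _ = raw.partition(sep)
        if found:
            return head
    return raw  # no blank line at all: truncated capture, treat everything as headers


def inspect_response(raw: bytes,
                     max_line_len: int = MAX_LINE_LEN,
                     max_block: int = MAX_HEADER_BLOCK) -> HeaderReport:
    """Measure each header line and collect human-readable findings."""
    head = split_head(raw)
    lines = head.replace(b"\r\n", b"\n").split(b"\n")
    status, headers = lines[0], lines[1:]
    findings: list[str] = []
    if len(status) > max_line_len:
        findings.append(f"status line is {len(status)} bytes (> {max_line_len})")
    longest_name, longest_len = "", 0
    for line in headers:
        name, sep, _value = line.partition(b":")
        hname = name.decode("latin-1", "replace").strip() if sep else "<malformed>"
        if len(line) > longest_len:
            longest_name, longest_len = hname, len(line)
        if len(line) > max_line_len:
            findings.append(f"header {hname!r} is {len(line)} bytes (> {max_line_len})")
    if len(head) > max_block:
        findings.append(f"header block is {len(head)} bytes (> {max_block})")
    return HeaderReport(len(status), len(head), longest_name, longest_len, findings)


# Constructed sample captures (not real traffic).
NORMAL_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: application/octet-stream\r\n"
                   b"Content-Length: 12\r\n\r\n"
                   b"hello world\n")
OVERSIZED_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                      b"Content-Type: application/octet-stream\r\n"
                      b"X-Padding: " + b"A" * 6000 + b"\r\n\r\n")


if __name__ == "__main__":
    for label, sample in (("normal", NORMAL_RESPONSE), ("oversized", OVERSIZED_RESPONSE)):
        report = inspect_response(sample)
        print(label, "suspicious" if report.suspicious else "ok", report.findings)
```

Run over a stream of captured responses, a non-empty `findings` list is the signal to alert on; the report also records the longest header by name so an analyst can see which field carried the padding. The LF-only and missing-blank-line cases are handled deliberately, since a truncated capture should still be measured rather than silently skipped.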
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding exposure of the GetGo Download Manager to untrusted networks where malicious HTTP responses with oversized headers could be received.
If possible, restrict or block incoming HTTP responses from untrusted sources or use network-level filtering to limit unusually large HTTP headers.
Monitor for application crashes and consider disabling or uninstalling the vulnerable version (6.2.2.3300 or earlier) until a patch or update is available.
Implement network intrusion detection systems (IDS) or web application firewalls (WAF) that can detect and block HTTP responses with abnormally large headers.