Description
GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable.
Published: 2026-03-11
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

GetGo Download Manager version 6.2.2.3300 contains a buffer overflow (CWE‑787) that allows remote attackers to trigger a denial of service. The vulnerability is triggered when the application receives HTTP responses with header values that exceed the buffer size, causing the program to crash and become unavailable. The primary impact is a loss of availability of the application.

Affected Systems

Affected vendor: Getgosoft; affected product: GetGo Download Manager; affected version: 6.2.2.3300. No additional version ranges are provided.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. The EPSS score is <1%, suggesting low likelihood of exploitation in the wild, and the issue is not listed in CISA’s KEV catalog. Exploitation requires attacker control over a remote HTTP service that can deliver excessively long header values to the target application. The attack vector is remote via malicious HTTP responses.

Generated by OpenCVE AI on March 17, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the GetGo Download Manager to the latest available version if a patch has been released.
  • If a patch is not yet released, consider disabling the application or removing it from production until a fix is available.
  • Configure network perimeter devices, such as firewalls or reverse proxies, to reject HTTP responses with header values exceeding typical safe limits (e.g., 8 KB).
  • Monitor application logs for unexpected crashes or denial-of-service incidents and verify that no malicious HTTP traffic is reaching the manager.
  • Keep the vendor’s security advisories under review to apply future patches promptly.

Generated by OpenCVE AI on March 17, 2026 at 14:39 UTC.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Getgosoft; Getgosoft getgo Download Manager |
| Vendors & Products | | Getgosoft; Getgosoft getgo Download Manager |

Wed, 11 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 11 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable. |
| Title | | GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-11T19:31:01.181Z

Reserved: 2026-02-23T12:13:07.026Z

Link: CVE-2019-25478

Vulnrichment

Updated: 2026-03-11T19:22:39.747Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T19:16:01.977

Modified: 2026-03-12T21:08:22.643

Link: CVE-2019-25478

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:42Z

Weaknesses