{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2019-25478", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-02-23T12:13:07.026Z", "datePublished": "2026-03-11T18:23:19.387Z", "dateUpdated": "2026-04-07T14:04:33.709Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-07T14:04:33.709Z"}, "title": "GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS", "descriptions": [{"lang": "en", "value": "GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Getgosoft", "product": "GetGo Download Manager", "versions": [{"version": "6.2.2.3300", "status": "affected"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/47282", "name": "ExploitDB-47282", "tags": ["exploit"]}, {"url": "http://www.getgosoft.com/getgodm/", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/getgo-download-manager-buffer-overflow-dos"}], "x_generator": {"engine": "vulncheck"}, "datePublic": "2019-08-16T00:00:00.000Z"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25478", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:49:51.099102Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:31:01.181Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-25478", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T18:49:51.099102Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T19:22:39.747Z"}}], "cna": {"title": "GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS", "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Getgosoft", "product": "GetGo Download Manager", "versions": [{"status": "affected", "version": "6.2.2.3300"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/47282", "name": "ExploitDB-47282", "tags": ["exploit"]}, {"url": "http://www.getgosoft.com/getgodm/", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/getgo-download-manager-buffer-overflow-dos", "name": "VulnCheck Advisory: GetGo Download Manager 6.2.2.3300 Buffer Overflow DoS", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-11T18:23:19.387Z"}}}, "cveMetadata": {"cveId": "CVE-2019-25478", "state": "PUBLISHED", "dateUpdated": "2026-03-11T19:31:01.181Z", "dateReserved": "2026-02-23T12:13:07.026Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-11T18:23:19.387Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers can craft malicious HTTP responses with oversized header values to crash the application and make it unavailable."}, {"lang": "es", "value": "GetGo Download Manager 6.2.2.3300 contiene una vulnerabilidad de desbordamiento de b\u00fafer que permite a atacantes remotos causar denegaci\u00f3n de servicio enviando respuestas HTTP con encabezados excesivamente largos. Los atacantes pueden crear respuestas HTTP maliciosas con valores de encabezado sobredimensionados para bloquear la aplicaci\u00f3n y dejarla no disponible."}], "id": "CVE-2019-25478", "lastModified": "2026-04-15T14:56:45.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-11T19:16:01.977", "references": [{"source": "disclosure@vulncheck.com", "url": "http://www.getgosoft.com/getgodm/"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/47282"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/getgo-download-manager-buffer-overflow-dos"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "6.2.2.3300"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "GetGo Download Manager", "source": "cna", "vendor": "Getgosoft"}, "product": "getgo_download_manager", "vendor": "getgosoft"}], "analysis": {"en": {"generated_at": "2026-03-17T14:39:04.273426+00:00", "value": {"mitigation_remediation": ["Update the GetGo Download Manager to the latest available version if a patch has been released. If a patch is not yet released, consider disabling the application or removing it from production until a fix is available. Configure network perimeter devices, such as firewalls or reverse proxies, to reject HTTP responses with header values exceeding typical safe limits (e.g., 8 KB). Monitor application logs for unexpected crashes or denial\u2011of\u2011service incidents and verify that no malicious HTTP traffic is reaching the manager. Finally, keep the vendor\u2019s security advisories under review to apply future patches promptly."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Affected vendor: Getgosoft; affected product: GetGo Download Manager; affected version: 6.2.2.3300. No additional version ranges are provided.", "description_and_impact": "GetGo Download Manager version 6.2.2.3300 contains a buffer overflow (CWE\u2011787) that allows remote attackers to trigger a denial of service. The vulnerability is triggered when the application receives HTTP responses with header values that exceed the buffer size, causing the program to crash and become unavailable. The primary impact is a loss of availability of the application.", "risk_and_exploitability": "The CVSS score is 8.7, indicating high severity. The EPSS score is <1%, suggesting low likelihood of exploitation in the wild, and the issue is not listed in CISA\u2019s KEV catalog. Exploitation requires an attacker control over a remote HTTP service that can deliver excessively long header values to the target application. The attack vector is remote via malicious HTTP responses."}}}}, "created": "2026-03-12T09:57:07.963154+00:00", "updated": "2026-03-20T15:29:42.518012+00:00", "vendors": ["getgosoft", "getgosoft$PRODUCT$getgo_download_manager"]}