CVE-2020-37234
Published: 2026-05-16 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 6.2 MEDIUM
- Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- CWE: CWE-120
Description
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition.
Source: NVD
References
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-37234
- Other: http://www.internetdownloadmanager.com/
- Other: http://www.internetdownloadmanager.com/download.html
- Other: https://www.exploit-db.com/exploits/49083
- Other: https://www.vulncheck.com/advisories/internet-download-manager-scheduler-buffer-overflow
Related CVEs
Same CWE
- CVE-2026-12328 — Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151 (8.1 HIGH)
- CVE-2026-12192 — A vulnerability was determined in GALAYOU Y4 1.0.0 (8.8 HIGH)
- CVE-2026-36818 — Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter... (7.5 HIGH)
- CVE-2026-36817 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo paramet... (7.5 HIGH)
- CVE-2026-36816 — Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo paramete... (7.5 HIGH)