MEDIUM SeverityCVSS 4.06.9CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVE-2020-37234

Last updated May 16, 2026 · Published May 16, 2026

Description

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition.

Affected products

1 listed

Internetdownloadmanager:Internet Download Manager

Mappings

CWE

CWE-120

CAPEC

None listed.

Guides

Rate Limiting in Node.jsPatterns for APIs, login endpoints, and abuse control.

Training

API Design That Defends ItselfREST, GraphQL, and gRPC patterns that reduce your attack surface by design.

CVE-2020-37234

Description

Affected products

Mappings

Related