What is CVE-2014-2206?

CVE-2014-2206 is a vulnerability in Getgosoft Getgo_download_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-03-05.

Is CVE-2014-2206 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Getgosoft Getgo_download_manager

CVE-2014-2206

Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, 4.8.2.1346, 4.4.5.502, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long HTTP Response Header.

Vulnerability class: Buffer Overflow

EPSS: 0.766 (99.0th percentile) — read the EPSS interpretation.

Affected products

Getgosoft Getgo_download_manager — versions 4.8.2.1346, 4.9.0.1982
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

Public proof-of-concept exploits

References

20140302 [CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (Exploit, x_refsource_MISC)
65913 (Exploit, vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2014-2206?: CVE-2014-2206 is a vulnerability in Getgosoft Getgo_download_manager, classified under Improper Restriction of Operations within the Bounds of a Memory Buffer. Published 2014-03-05.
Is CVE-2014-2206 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.