CVE-2020-37234 MEDIUM

CVE-2020-37234: Internet Download Manager 6.38.12 Scheduler Buffer Overflow

Vendor Internetdownloadmanager
Product Internet Download Manager
Weakness CWE-120
Published May 16, 2026
Last update May 18, 2026

CVSS base score

6.9/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to trigger a denial of service condition.

Key dates

02Disclosure timeline

May 16, 2026 CVE published
May 18, 2026 Record updated