CVE-2009-3617
Severity CVSS v4.0:
Pending analysis
Type:
CWE-134
Format String Vulnerability
Publication date:
20/10/2009
Last modified:
07/11/2023
Description
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
Impact
Base Score 2.0
7.60
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:* | 1.6.1 (including) | |
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0\+1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\+1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2\+1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0\+1:*:*:*:*:*:*:* | ||
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586
- http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572
- http://marc.info/?l=oss-security&m=125568632528906&w=2
- http://marc.info/?l=oss-security&m=125572053420493&w=2
- http://osvdb.org/59087
- http://secunia.com/advisories/31732
- http://www.vupen.com/english/advisories/2009/2960
- https://bugzilla.redhat.com/show_bug.cgi?id=529342
- https://fedorahosted.org/rel-eng/ticket/2495