Back to search
CVE-2009-3617
Published: Oct 20, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://fedorahosted.org/rel-eng/ticket/2495
x_refsource_CONFIRM
ADV-2009-2960
vdb-entry
x_refsource_VUPEN
[oss-security] 20091016 CVE Request - aria2 - 1.6.2
mailing-list
x_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=529342
x_refsource_CONFIRM
31732
third-party-advisory
x_refsource_SECUNIA
59087
vdb-entry
x_refsource_OSVDB
[oss-security] 20091016 Re: CVE Request - aria2 - 1.6.2
mailing-list
x_refsource_MLIST
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now