CVE-2009-3617

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0\+1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\+1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2\+1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0\+1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\+1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\+2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:07

Type Values Removed Values Added
References () http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586 - () http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586 -
References () http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572 - Patch () http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572 - Patch
References () http://marc.info/?l=oss-security&m=125568632528906&w=2 - Patch () http://marc.info/?l=oss-security&m=125568632528906&w=2 - Patch
References () http://marc.info/?l=oss-security&m=125572053420493&w=2 - () http://marc.info/?l=oss-security&m=125572053420493&w=2 -
References () http://osvdb.org/59087 - () http://osvdb.org/59087 -
References () http://secunia.com/advisories/31732 - Vendor Advisory () http://secunia.com/advisories/31732 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2009/2960 - Vendor Advisory () http://www.vupen.com/english/advisories/2009/2960 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=529342 - Patch () https://bugzilla.redhat.com/show_bug.cgi?id=529342 - Patch
References () https://fedorahosted.org/rel-eng/ticket/2495 - () https://fedorahosted.org/rel-eng/ticket/2495 -

07 Nov 2023, 02:04

Type Values Removed Values Added
Summary Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information. Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.

Information

Published : 2009-10-20 17:30

Updated : 2024-11-21 01:07


NVD link : CVE-2009-3617

Mitre link : CVE-2009-3617

CVE.ORG link : CVE-2009-3617


JSON object : View

Products Affected

tatsuhiro_tsujikawa

  • aria2
CWE
CWE-134

Use of Externally-Controlled Format String