CVE-2009-3575Improper Restriction of Operations within the Bounds of a Memory Buffer in Aria2

6 documents6 sources
Severity
10.0CRITICALNVD
EPSS
3.0%
top 13.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tatsuhiro Tsujikawa Aria2Debian Aria2
Timeline
PublishedOct 7
Latest updateMay 2

Description

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

debiandebian/aria2< aria2 1.2.0-1 (bookworm)
Debiantatsuhiro_tsujikawa/aria2< 1.2.0-1+3
NVDtatsuhiro_tsujikawa/aria20.15.3, 1.2.0+1

🔴Vulnerability Details

2
GHSA
GHSA-2g3h-rvgj-6gh5: Buffer overflow in DHTRoutingTableDeserializer2022-05-02
OSV
CVE-2009-3575: Buffer overflow in DHTRoutingTableDeserializer2009-10-07

📋Vendor Advisories

2
Red Hat
aria2: buffer overflow vulnerability2009-08-13
Debian
CVE-2009-3575: aria2 - Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and ot...2009

💬Community

1
Bugzilla
CVE-2009-3575 aria2: buffer overflow vulnerability2009-10-07