CVE-2009-3617 — Use of Externally-Controlled Format String in Aria2

CWE-134 — Use of Externally-Controlled Format String6 documents6 sources

Severity

7.6HIGHNVD

EPSS

14.0%

top 5.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tatsuhiro Tsujikawa Aria2 Debian Aria2

Timeline

PublishedOct 20

Latest updateMay 2

Description

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/aria2< aria2 1.6.2-1 (bookworm)

▶Debiantatsuhiro_tsujikawa/aria2< 1.6.2-1+3

▶NVDtatsuhiro_tsujikawa/aria21.6.1+36

Patches

Patch: aria2.svn.sourceforge.net ↗Patch: marc.info ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m6c3-p3rg-chxv: Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand↗2022-05-02

▶

OSV

CVE-2009-3617: Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand↗2009-10-20

▶

📋Vendor Advisories

Red Hat

aria2: DoS (crash) if URI to download contains printf format string (%d) and logging is enabled↗2009-10-09

▶

Debian

CVE-2009-3617: aria2 - Format string vulnerability in the AbstractCommand::onAbort function in src/Abst...↗2009

▶

💬Community

Bugzilla

CVE-2009-3617 aria2: DoS (crash) if URI to download contains printf format string (%d) and logging is enabled↗2009-10-16

▶