Unrated severityNVD Advisory· Published Oct 20, 2009· Updated Apr 23, 2026
CVE-2009-3617
CVE-2009-3617
Description
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
Affected products
37cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*+ 36 more
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0\+1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\+1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\+2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:*range: <=1.6.1
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0\+1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\+1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2\+1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.ccnvdPatch
- marc.infonvdPatch
- bugzilla.redhat.com/show_bug.cginvdPatch
- secunia.com/advisories/31732nvdVendor Advisory
- www.vupen.com/english/advisories/2009/2960nvdVendor Advisory
- aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWSnvd
- marc.infonvd
- osvdb.org/59087nvd
- fedorahosted.org/rel-eng/ticket/2495nvd
News mentions
0No linked articles in our index yet.