High severity7.8OSV Advisory· Published Jan 2, 2019· Updated Jun 17, 2026
CVE-2019-3500
CVE-2019-3500
Description
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- Range: release-1.10.7, release-1.10.8, release-1.10.9, …
- osv-coords8 versionspkg:rpm/opensuse/aria2&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/aria2&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/aria2&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/aria2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/aria2&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/aria2&distro=SUSE%20Package%20Hub%2015%20SP1pkg:rpm/suse/aria2&distro=SUSE%20Package%20Hub%2015%20SP2pkg:rpm/suse/aria2&distro=SUSE%20Package%20Hub%2015%20SP3
< 1.33.1-bp150.3.7.1+ 7 more
- (no CPE)range: < 1.33.1-bp150.3.7.1
- (no CPE)range: < 1.35.0-bp153.2.3.1
- (no CPE)range: < 1.35.0-bp153.2.3.1
- (no CPE)range: < 1.36.0-1.2
- (no CPE)range: < 1.33.1-bp150.3.7.1
- (no CPE)range: < 1.35.0-bp153.2.3.1
- (no CPE)range: < 1.35.0-bp153.2.3.1
- (no CPE)range: < 1.35.0-bp153.2.3.1
Patches
Vulnerability mechanics
References
7- github.com/aria2/aria2/issues/1329nvdPatchThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/01/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/12/msg00039.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3965-1/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/532M22TAOOIY3J4XX4R7BLZHXJRUSBQ2/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MUUYDELHRLVE2AFNVR3OJ6ILUKVLY4B/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U5OLPTVYHJZJ2MVEXJCNPXBSFPVPE4XX/nvd
News mentions
0No linked articles in our index yet.