CVE-2009-3617 Common Vulnerabilities and Exposures

Upstream information

CVE-2009-3617 at MITRE

Description

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
CVSS detail	National Vulnerability Database
Base Score	7.6
Vector	AV:N/AC:H/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	High
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 547318 [RESOLVED / FIXED], 573072 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`aria2 >= 1.29.0-1.1` `aria2-devel >= 1.29.0-1.1` `aria2-lang >= 1.29.0-1.1` `libaria2-0 >= 1.29.0-1.1`	Patchnames: openSUSE-Tumbleweed-2024-10060

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 17:10:14 2013
CVE page last modified: Sat Nov 1 19:28:21 2025