Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12513
HistoryOct 22, 2009 - 12:00 a.m.

aria2 AbstractCommand::onAbort()函数格式串漏洞

2009-10-2200:00:00
Root
www.seebug.org
11

0.042 Low

EPSS

Percentile

92.3%

JSON

CVE ID: CVE-2009-3617

aria2是Linux下的高速下载工具。

aria2的src/AbstractCommand.cc文件中的AbstractCommand::onAbort函数存在格式串漏洞。如果启用了日志功能,远程攻击者就可以在下载URI中包含printf格式串标识符触发分段错误,导致拒绝服务的情况。

aria2 < 1.6.2
厂商补丁:

aria2

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572

Related

ubuntucve 1
debiancve 1
prion 1
cve 1
cvelist 1
nvd 1
nessus 1
openvas 2
gentoo 1
ubuntucve
ubuntucve
CVE-2009-3617
2009-10-20 00:00:00
debiancve
debiancve
CVE-2009-3617
2009-10-20 17:30:01
prion
prion
Format string
2009-10-20 17:30:00
cve
cve
CVE-2009-3617
2009-10-20 17:30:01
cvelist
cvelist
CVE-2009-3617
2009-10-20 17:00:00
nvd
nvd
CVE-2009-3617
2009-10-20 17:30:01
nessus
nessus
GLSA-201001-06 : aria2: Multiple vulnerabilities
2010-02-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201001-06 (aria2)
2010-01-20 00:00:00
Gentoo Security Advisory GLSA 201001-06 (aria2)
2010-01-20 00:00:00
gentoo
gentoo
aria2: Multiple vulnerabilities
2010-01-13 00:00:00

0.042 Low

EPSS

Percentile

92.3%

JSON
Related for SSV:12513
ubuntucve1debiancve1prion1cve1cvelist1nvd1nessus1openvas2gentoo1