Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tatsuhiro_tsujikawa | aria2 | 0.16.1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.2 |
| tatsuhiro_tsujikawa | aria2 | 0.13.0 |
| tatsuhiro_tsujikawa | aria2 | 1.3.1 |
| tatsuhiro_tsujikawa | aria2 | 1.3.2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.3 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1+1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.2+1 |
| tatsuhiro_tsujikawa | aria2 | 0.11.5 |
| tatsuhiro_tsujikawa | aria2 | 0.13.1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.1+1 |
| tatsuhiro_tsujikawa | aria2 | 0.12.1 |
| tatsuhiro_tsujikawa | aria2 | 1.5.1 |
| tatsuhiro_tsujikawa | aria2 | * |
| tatsuhiro_tsujikawa | aria2 | 1.1.1 |
| tatsuhiro_tsujikawa | aria2 | 1.4.1 |
| tatsuhiro_tsujikawa | aria2 | 0.12.0 |
| tatsuhiro_tsujikawa | aria2 | 0.15.3 |
| tatsuhiro_tsujikawa | aria2 | 0.16.0 |
| tatsuhiro_tsujikawa | aria2 | 0.15.0 |
| tatsuhiro_tsujikawa | aria2 | 1.2.0 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1 |
| tatsuhiro_tsujikawa | aria2 | 0.14.0+1 |
| tatsuhiro_tsujikawa | aria2 | 1.3.0 |
| tatsuhiro_tsujikawa | aria2 | 1.3.3 |
| tatsuhiro_tsujikawa | aria2 | 1.0.0 |
| tatsuhiro_tsujikawa | aria2 | 1.4.0 |
| tatsuhiro_tsujikawa | aria2 | 1.5.0 |
| tatsuhiro_tsujikawa | aria2 | 0.16.2 |
| tatsuhiro_tsujikawa | aria2 | 0.14.0 |
| tatsuhiro_tsujikawa | aria2 | 1.6.0 |
| tatsuhiro_tsujikawa | aria2 | 0.11.4 |
| tatsuhiro_tsujikawa | aria2 | 1.1.2 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1+2 |
| tatsuhiro_tsujikawa | aria2 | 1.5.2 |
| tatsuhiro_tsujikawa | aria2 | 0.15.2 |
| tatsuhiro_tsujikawa | aria2 | 0.13.0+1 |
Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| tatsuhiro_tsujikawa | aria2 | 0.16.1 |
| tatsuhiro_tsujikawa | aria2 | 0.5.0 |
| tatsuhiro_tsujikawa | aria2 | 1.8.1 |
| tatsuhiro_tsujikawa | aria2 | 0.5.2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.2 |
| tatsuhiro_tsujikawa | aria2 | 0.13.0 |
| tatsuhiro_tsujikawa | aria2 | 0.5.1 |
| tatsuhiro_tsujikawa | aria2 | 1.3.1 |
| tatsuhiro_tsujikawa | aria2 | 0.7.0 |
| tatsuhiro_tsujikawa | aria2 | 1.1.0 |
| tatsuhiro_tsujikawa | aria2 | 0.3.1+2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.3 |
| tatsuhiro_tsujikawa | aria2 | 0.3.2 |
| tatsuhiro_tsujikawa | aria2 | 0.10.2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.5 |
| tatsuhiro_tsujikawa | aria2 | 0.13.1 |
| tatsuhiro_tsujikawa | aria2 | 0.7.2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.1 |
| tatsuhiro_tsujikawa | aria2 | 1.0.1 |
| tatsuhiro_tsujikawa | aria2 | 1.6.2 |
| tatsuhiro_tsujikawa | aria2 | 1.7.2 |
| tatsuhiro_tsujikawa | aria2 | 1.9.0 |
| tatsuhiro_tsujikawa | aria2 | 0.12.1 |
| tatsuhiro_tsujikawa | aria2 | 1.5.1 |
| tatsuhiro_tsujikawa | aria2 | * |
| tatsuhiro_tsujikawa | aria2 | 1.1.1 |
| tatsuhiro_tsujikawa | aria2 | 0.5.0+2 |
| tatsuhiro_tsujikawa | aria2 | 0.12.0 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1 |
| tatsuhiro_tsujikawa | aria2 | 0.14.0+1 |
| tatsuhiro_tsujikawa | aria2 | 1.3.0 |
| tatsuhiro_tsujikawa | aria2 | 0.8.1 |
| tatsuhiro_tsujikawa | aria2 | 1.3.3 |
| tatsuhiro_tsujikawa | aria2 | 0.11.0 |
| tatsuhiro_tsujikawa | aria2 | 1.5.0 |
| tatsuhiro_tsujikawa | aria2 | 1.6.3 |
| tatsuhiro_tsujikawa | aria2 | 0.16.2 |
| tatsuhiro_tsujikawa | aria2 | 0.14.0 |
| tatsuhiro_tsujikawa | aria2 | 0.4.0 |
| tatsuhiro_tsujikawa | aria2 | 0.6.0 |
| tatsuhiro_tsujikawa | aria2 | 1.6.0 |
| tatsuhiro_tsujikawa | aria2 | 1.8.3 |
| tatsuhiro_tsujikawa | aria2 | 0.7.1 |
| tatsuhiro_tsujikawa | aria2 | 0.2.1 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1+2 |
| tatsuhiro_tsujikawa | aria2 | 0.2.0 |
| tatsuhiro_tsujikawa | aria2 | 1.5.2 |
| tatsuhiro_tsujikawa | aria2 | 0.15.2 |
| tatsuhiro_tsujikawa | aria2 | 0.3.1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.0+1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.1+2 |
| tatsuhiro_tsujikawa | aria2 | 0.11.1+1 |
| tatsuhiro_tsujikawa | aria2 | 1.7.1 |
| tatsuhiro_tsujikawa | aria2 | 0.6.0+1 |
| tatsuhiro_tsujikawa | aria2 | 0.10.0+1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.2 |
| tatsuhiro_tsujikawa | aria2 | 1.3.2 |
| tatsuhiro_tsujikawa | aria2 | 0.2.1+1 |
| tatsuhiro_tsujikawa | aria2 | 1.6.1 |
| tatsuhiro_tsujikawa | aria2 | 0.7.3 |
| tatsuhiro_tsujikawa | aria2 | 0.15.1+1 |
| tatsuhiro_tsujikawa | aria2 | 0.13.2+1 |
| tatsuhiro_tsujikawa | aria2 | 0.9.0 |
| tatsuhiro_tsujikawa | aria2 | 0.1.0 |
| tatsuhiro_tsujikawa | aria2 | 0.3.0 |
| tatsuhiro_tsujikawa | aria2 | 0.13.1+1 |
| tatsuhiro_tsujikawa | aria2 | 0.8.0 |
| tatsuhiro_tsujikawa | aria2 | 1.5.0b+20090716 |
| tatsuhiro_tsujikawa | aria2 | 1.4.1 |
| tatsuhiro_tsujikawa | aria2 | 0.15.3 |
| tatsuhiro_tsujikawa | aria2 | 1.8.0 |
| tatsuhiro_tsujikawa | aria2 | 0.16.0 |
| tatsuhiro_tsujikawa | aria2 | 0.15.0 |
| tatsuhiro_tsujikawa | aria2 | 1.2.0 |
| tatsuhiro_tsujikawa | aria2 | 1.9.1 |
| tatsuhiro_tsujikawa | aria2 | 0.10.1 |
| tatsuhiro_tsujikawa | aria2 | 1.0.0 |
| tatsuhiro_tsujikawa | aria2 | 1.4.0 |
| tatsuhiro_tsujikawa | aria2 | 0.11.4 |
| tatsuhiro_tsujikawa | aria2 | 1.1.2 |
| tatsuhiro_tsujikawa | aria2 | 0.4.1 |
| tatsuhiro_tsujikawa | aria2 | 0.3.1+1 |
| tatsuhiro_tsujikawa | aria2 | 0.5.0+1 |
| tatsuhiro_tsujikawa | aria2 | 0.10.0 |
| tatsuhiro_tsujikawa | aria2 | 0.10.2+1 |
| tatsuhiro_tsujikawa | aria2 | 1.8.2 |
| tatsuhiro_tsujikawa | aria2 | 0.2.1+2 |
| tatsuhiro_tsujikawa | aria2 | 1.7.0 |