{"id":"CVE-2009-3617","details":"Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI.  NOTE: some of these details are obtained from third party information.","modified":"2026-04-10T03:40:57.091623Z","published":"2009-10-20T17:30:01Z","related":["openSUSE-SU-2024:10060-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/31732"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2009/2960"},{"type":"FIX","url":"http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572"},{"type":"FIX","url":"http://marc.info/?l=oss-security&m=125568632528906&w=2"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=529342"},{"type":"WEB","url":"http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586"},{"type":"WEB","url":"http://marc.info/?l=oss-security&m=125572053420493&w=2"},{"type":"WEB","url":"http://osvdb.org/59087"},{"type":"WEB","url":"https://fedorahosted.org/rel-eng/ticket/2495"}],"schema_version":"1.7.5"}