CVE-2009-3575 — aria2 - arbitrary code execution

Description

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

How to fix CVE-2009-3575

To remediate CVE-2009-3575, upgrade the affected package to a fixed version below.

Debian/aria2—upgrade to 1.2.0-1 or later
Debian/aria2—upgrade to 0.14.0-1+lenny1 or later

Is CVE-2009-3575 being exploited?

Low — EPSS is 3.0%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.2.0-1
from 0, < 0.14.0-1+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-3575