CVE-2009-3617
EPSS 14.0%
Description
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
How to fix CVE-2009-3617
To remediate CVE-2009-3617, upgrade the affected package to a fixed version below.
- Debian/aria2: upgrade to 1.6.2-1 or later
Is CVE-2009-3617 being exploited?
Moderate: EPSS is 14.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/aria2: from 0, < 1.6.2-1