Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aria2 | Tatsuhiro_tsujikawa | * | 1.6.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.11.3 (including) | 0.11.3 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.11.4 (including) | 0.11.4 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.11.5 (including) | 0.11.5 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.12.0 (including) | 0.12.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.12.1 (including) | 0.12.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.0 (including) | 0.13.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.0+1 (including) | 0.13.0+1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.1 (including) | 0.13.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.1+1 (including) | 0.13.1+1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.2 (including) | 0.13.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.13.2+1 (including) | 0.13.2+1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.14.0 (including) | 0.14.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.14.0+1 (including) | 0.14.0+1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.0 (including) | 0.15.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.1 (including) | 0.15.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.1+1 (including) | 0.15.1+1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.1+2 (including) | 0.15.1+2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.2 (including) | 0.15.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.15.3 (including) | 0.15.3 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.16.0 (including) | 0.16.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.16.1 (including) | 0.16.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 0.16.2 (including) | 0.16.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.0.0 (including) | 1.0.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.1.1 (including) | 1.1.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.1.2 (including) | 1.1.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.2.0 (including) | 1.2.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.3.0 (including) | 1.3.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.3.1 (including) | 1.3.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.3.2 (including) | 1.3.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.3.3 (including) | 1.3.3 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.4.0 (including) | 1.4.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.4.1 (including) | 1.4.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.5.0 (including) | 1.5.0 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.5.1 (including) | 1.5.1 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.5.2 (including) | 1.5.2 (including) |
| Aria2 | Tatsuhiro_tsujikawa | 1.6.0 (including) | 1.6.0 (including) |
| Aria2 | Ubuntu | hardy | * |
| Aria2 | Ubuntu | intrepid | * |
| Aria2 | Ubuntu | jaunty | * |
| Aria2 | Ubuntu | karmic | * |
| Aria2 | Ubuntu | upstream | * |