Published: 07/10/2009 Updated: 31/12/2009

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
tatsuhiro tsujikawa aria2 0.15.3
tatsuhiro tsujikawa aria2 1.2.0

Debian Bug report logs - #551070 CVE-2009-3575: Buffer overflow in DHTRoutingTableDeserializercc Package: aria2; Maintainer for aria2 is Patrick Ruckstuhl <patrick@chtarioorg>; Source for aria2 is src:aria2 (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Thu, 15 Oct 2009 12:57:01 ...

It was discovered that aria2, a high speed download utility, is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code The oldstable distribution (etch) is not affected by this problem For the stable distribution (lenny), this problem has been fixed in version 0140-1+lenny1 Binaries for powerpc, ...

NVD-CWE-noinfo http://www.securityfocus.com/bid/36332 http://www.mandriva.com/security/advisories?name=MDVSA-2009:226 https://qa.mandriva.com/show_bug.cgi?id=52840 http://secunia.com/advisories/37971 http://www.debian.org/security/2009/dsa-1957 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551070 https://nvd.nist.gov https://www.debian.org/security/./dsa-1957

CVE-2009-3575

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect