mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
359 lines
13 KiB
JSON
359 lines
13 KiB
JSON
{
|
|
"id": "CVE-2009-3617",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2009-10-20T17:30:01.000",
|
|
"lastModified": "2024-11-21T01:07:48.903",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de formato de cadena en la funci\u00f3n AbstractCommand::onAbort src/AbstractCommand.cc en aria2 anterior a la v1.6.2, cuando \"loggin\" est\u00e1 activado, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de los especificadores de formato de cadena en una URI de descarga. NOTA: algunos de estos detalles han sido obtenidos a partir de terceros."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
|
|
"baseScore": 7.6,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "HIGH",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "COMPLETE",
|
|
"integrityImpact": "COMPLETE",
|
|
"availabilityImpact": "COMPLETE"
|
|
},
|
|
"baseSeverity": "HIGH",
|
|
"exploitabilityScore": 4.9,
|
|
"impactScore": 10.0,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": true,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-134"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "1.6.1",
|
|
"matchCriteriaId": "0408A5B5-1B7B-4984-8634-6FDDA2D73583"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C997A75D-C176-4A6A-8997-D6F74BBBDF35"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "540A0ACA-6E2A-45DF-B3C4-37F1DB6AA1BE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D4FDABE1-D6AA-498A-9E75-29D4E2231565"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "23D21ADF-742F-4B5E-BE76-2D79BD090A85"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FE3B0EB4-BEE9-4EAA-B347-376C04550098"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD4F3902-615A-4EDD-BB81-03841E686C42"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0\\+1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B371FD0E-49A2-4A74-A047-16AC1FC5FB85"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3427790A-846E-4F5D-B28A-3C175AEF6ADD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\\+1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FAAADBF9-839C-486D-821B-460DCEDAF548"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "378CD567-A5CD-48E2-BCA6-5E08335685EF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2\\+1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4BEF6895-6555-48B2-8FED-2747BAAEB9C9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5260D845-B580-49B7-8BEB-8EE3F0919BFD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0\\+1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "744775BE-7FAF-4FFC-8F68-81C2B6FD71FC"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19533000-5927-478D-A786-CB63E93948B3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "70F2BDE0-CC4B-4C1C-9FFA-D4E3F5AA37DA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\\+1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "973F6E89-D2E8-4C92-B534-43248587840D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\\+2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BC24DE0-7D6B-4284-A73A-E5982B49ACB7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "06C66BAD-4A07-4FAB-9BFF-50FB37D06647"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6798D1A2-F961-48C5-A2F6-086A3A2DB456"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "55F425AA-624E-41A9-83CD-19F913E39C12"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B3D3774F-C55C-40B6-A85D-DBD5DAE666C5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E8315C60-79EF-4484-B54B-2E7E1FEB5FAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E9ED06F2-8669-4C90-BB22-5DDE01DFD4F1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "371FD10B-90BB-417C-A37E-F5C50EFAEF22"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D1FC3F03-3890-4466-8A0A-B020460B8507"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "40FAE4C8-7F23-4E67-BA06-276BC3A5DE62"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CE6E9CCB-8DCF-41F8-A4DE-5B4D139E719A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E0594B76-BE61-451D-8512-B9C81F476372"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D248E3DA-D9FF-4A08-9C63-9B72AE946AD3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3BBCD24D-B863-4516-A7DD-1264D5D81BD3"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F72DB79-0C01-481A-A442-4489C5C859B8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4166DE3D-3019-434F-9EC5-C74057F91F65"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "836C565A-B1EB-4ED1-BCFB-EF60CFE9ED8A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F4EB136B-45C1-439D-810F-E234267A44EE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F49FE022-33DC-4F05-8D64-1E64816E391F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C0ECA2A-043C-4C36-9618-E3EAE45AA5CD"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=oss-security&m=125568632528906&w=2",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=oss-security&m=125572053420493&w=2",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://osvdb.org/59087",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/31732",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/2960",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529342",
|
|
"source": "secalert@redhat.com",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://fedorahosted.org/rel-eng/ticket/2495",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=oss-security&m=125568632528906&w=2",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://marc.info/?l=oss-security&m=125572053420493&w=2",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://osvdb.org/59087",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://secunia.com/advisories/31732",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2009/2960",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=529342",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Patch"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://fedorahosted.org/rel-eng/ticket/2495",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |