CVE-2009-3617

Name of the Vulnerable Software and Affected Versions aria2 versions prior to 1.6.2

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service, specifically an application crash, via format string specifiers in a download URI when logging is enabled. This is related to a format string vulnerability in the AbstractCommand::onAbort function.

Recommendations For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider disabling logging to minimize the risk of exploitation. Restrict access to download URIs that may contain format string specifiers to prevent potential attacks.