Aria2 · CVE-2009-3617
**Name of the Vulnerable Software and Affected Versions**
aria2 versions prior to 1.6.2
**Description**
A format string vulnerability in the AbstractCommand::onAbort function allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI when logging is enabled.
**Recommendations**
Update versions prior to 1.6.2 to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider disabling logging to minimize the risk of exploitation. Restrict access to download URIs that may contain format string specifiers to prevent potential attacks.
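The bug class described above, as an added C illustration: this is not aria2's code and not part of the original advisory. `log_line`, `abort_log_vulnerable`, `abort_log_safe` and `escape_percent` are hypothetical names, and the sample URI is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger; writes the formatted line into out. */
static int log_line(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: the message holding the URI is reused as the format. */
int abort_log_vulnerable(char *out, size_t n, const char *uri) {
    char msg[512];
    snprintf(msg, sizeof msg, "Download aborted. URI=%s", uri);
    return log_line(out, n, msg); /* '%' sequences in uri get interpreted */
}

/* Hardened: constant format string, URI passed only as data. */
int abort_log_safe(char *out, size_t n, const char *uri) {
    return log_line(out, n, "Download aborted. URI=%s", uri);
}

/* Defence in depth when the logger cannot be changed: double every '%' so
   the text is inert inside a format string. Returns -1 if dst is too small. */
int escape_percent(char *dst, size_t n, const char *src) {
    size_t j = 0;
    if (n == 0) return -1;
    for (; *src; src++) {
        size_t need = (*src == '%') ? 2 : 1;
        if (j + need >= n) return -1;      /* keep room for the NUL */
        if (*src == '%') dst[j++] = '%';
        dst[j++] = *src;
    }
    dst[j] = '\0';
    return 0;
}

int main(void) {
    /* Constructed sample: an ordinary percent-encoded space. "%20f" is also
       a valid printf conversion, so filtering "suspicious" URIs is not a fix. */
    const char *uri = "http://example.invalid/my%20file.iso";
    char line[256];
    abort_log_safe(line, sizeof line, uri);
    puts(line);
    return 0;
}
```

The fix belongs at the logging call: because legitimate percent-encoding already forms valid conversions, input filtering alone cannot separate benign URIs from hostile ones.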