CVE-2009-3575 - OpenCVE

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tatsuhiro Tsujikawa	Aria2

Configuration 1 [-]

OR	cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:::::::*
	cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/37971
http://www.debian.org/security/2009/dsa-1957
http://www.mandriva.com/security/advisories?name=MDVSA-2009:226
http://www.securityfocus.com/bid/36332
https://nvd.nist.gov/vuln/detail/CVE-2009-3575
https://qa.mandriva.com/show_bug.cgi?id=52840
https://www.cve.org/CVERecord?id=CVE-2009-3575

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-07T17:00:00

Updated: 2024-08-07T06:31:10.575Z

Reserved: 2009-10-07T00:00:00

Link: CVE-2009-3575

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-10-07T17:30:00.203

Modified: 2009-12-31T07:04:02.877

Link: CVE-2009-3575

Redhat

Severity : Moderate

Publid Date: 2009-08-13T00:00:00Z

Links: CVE-2009-3575 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-12T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-12-31T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "36332", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36332"}, {"name": "37971", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37971"}, {"name": "DSA-1957", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1957"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://qa.mandriva.com/show_bug.cgi?id=52840"}, {"name": "MDVSA-2009:226", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3575", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "36332", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36332"}, {"name": "37971", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37971"}, {"name": "DSA-1957", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1957"}, {"name": "https://qa.mandriva.com/show_bug.cgi?id=52840", "refsource": "CONFIRM", "url": "https://qa.mandriva.com/show_bug.cgi?id=52840"}, {"name": "MDVSA-2009:226", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:31:10.575Z"}, "title": "CVE Program Container", "references": [{"name": "36332", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36332"}, {"name": "37971", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37971"}, {"name": "DSA-1957", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1957"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://qa.mandriva.com/show_bug.cgi?id=52840"}, {"name": "MDVSA-2009:226", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3575", "datePublished": "2009-10-07T17:00:00", "dateReserved": "2009-10-07T00:00:00", "dateUpdated": "2024-08-07T06:31:10.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "6798D1A2-F961-48C5-A2F6-086A3A2DB456", "vulnerable": true}, {"criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "40FAE4C8-7F23-4E67-BA06-276BC3A5DE62", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en DHTRoutingTableDeserializer.cc en aria2 v0.15.3, v1.2.0 y otras versiones, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores no especificados."}], "id": "CVE-2009-3575", "lastModified": "2009-12-31T07:04:02.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-10-07T17:30:00.203", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/37971"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1957"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36332"}, {"source": "cve@mitre.org", "url": "https://qa.mandriva.com/show_bug.cgi?id=52840"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}