FKIE_CVE-2010-1512

Vulnerability from fkie_nvd - Published: 2010-05-17 21:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
References
PSIRT-CNA@flexerasoftware.comhttp://downloads.sourceforge.net/project/aria2/stable/aria2-1.9.3/NEWS
PSIRT-CNA@flexerasoftware.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html
PSIRT-CNA@flexerasoftware.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html
PSIRT-CNA@flexerasoftware.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
PSIRT-CNA@flexerasoftware.comhttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/39529Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/39872
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/42906
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/secunia_research/2010-71/Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://security.gentoo.org/glsa/glsa-201101-04.xml
PSIRT-CNA@flexerasoftware.comhttp://www.debian.org/security/2010/dsa-2047
PSIRT-CNA@flexerasoftware.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:106
PSIRT-CNA@flexerasoftware.comhttp://www.osvdb.org/64592
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/archive/1/511280/100/0/threaded
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/40142Patch
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1228
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2010/1229
PSIRT-CNA@flexerasoftware.comhttp://www.vupen.com/english/advisories/2011/0116
af854a3a-2127-422b-91ae-364da2661108http://downloads.sourceforge.net/project/aria2/stable/aria2-1.9.3/NEWS
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39529Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39872
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42906
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/secunia_research/2010-71/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-201101-04.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2047
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:106
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/64592
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/511280/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/40142Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1228
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1229
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0116
Impacted products
Vendor Product Version
tatsuhiro_tsujikawa aria2 *
tatsuhiro_tsujikawa aria2 0.1.0
tatsuhiro_tsujikawa aria2 0.2.0
tatsuhiro_tsujikawa aria2 0.2.1
tatsuhiro_tsujikawa aria2 0.2.1\+1
tatsuhiro_tsujikawa aria2 0.2.1\+2
tatsuhiro_tsujikawa aria2 0.3.0
tatsuhiro_tsujikawa aria2 0.3.1
tatsuhiro_tsujikawa aria2 0.3.1\+1
tatsuhiro_tsujikawa aria2 0.3.1\+2
tatsuhiro_tsujikawa aria2 0.3.2
tatsuhiro_tsujikawa aria2 0.4.0
tatsuhiro_tsujikawa aria2 0.4.1
tatsuhiro_tsujikawa aria2 0.5.0
tatsuhiro_tsujikawa aria2 0.5.0\+1
tatsuhiro_tsujikawa aria2 0.5.0\+2
tatsuhiro_tsujikawa aria2 0.5.1
tatsuhiro_tsujikawa aria2 0.5.2
tatsuhiro_tsujikawa aria2 0.6.0
tatsuhiro_tsujikawa aria2 0.6.0\+1
tatsuhiro_tsujikawa aria2 0.7.0
tatsuhiro_tsujikawa aria2 0.7.1
tatsuhiro_tsujikawa aria2 0.7.2
tatsuhiro_tsujikawa aria2 0.7.3
tatsuhiro_tsujikawa aria2 0.8.0
tatsuhiro_tsujikawa aria2 0.8.1
tatsuhiro_tsujikawa aria2 0.9.0
tatsuhiro_tsujikawa aria2 0.10.0
tatsuhiro_tsujikawa aria2 0.10.0\+1
tatsuhiro_tsujikawa aria2 0.10.1
tatsuhiro_tsujikawa aria2 0.10.2
tatsuhiro_tsujikawa aria2 0.10.2\+1
tatsuhiro_tsujikawa aria2 0.11.0
tatsuhiro_tsujikawa aria2 0.11.1
tatsuhiro_tsujikawa aria2 0.11.1\+1
tatsuhiro_tsujikawa aria2 0.11.2
tatsuhiro_tsujikawa aria2 0.11.3
tatsuhiro_tsujikawa aria2 0.11.4
tatsuhiro_tsujikawa aria2 0.11.5
tatsuhiro_tsujikawa aria2 0.12.0
tatsuhiro_tsujikawa aria2 0.12.1
tatsuhiro_tsujikawa aria2 0.13.0
tatsuhiro_tsujikawa aria2 0.13.0\+1
tatsuhiro_tsujikawa aria2 0.13.1
tatsuhiro_tsujikawa aria2 0.13.1\+1
tatsuhiro_tsujikawa aria2 0.13.1\+2
tatsuhiro_tsujikawa aria2 0.13.2
tatsuhiro_tsujikawa aria2 0.13.2\+1
tatsuhiro_tsujikawa aria2 0.14.0
tatsuhiro_tsujikawa aria2 0.14.0\+1
tatsuhiro_tsujikawa aria2 0.15.0
tatsuhiro_tsujikawa aria2 0.15.1
tatsuhiro_tsujikawa aria2 0.15.1\+1
tatsuhiro_tsujikawa aria2 0.15.1\+2
tatsuhiro_tsujikawa aria2 0.15.2
tatsuhiro_tsujikawa aria2 0.15.3
tatsuhiro_tsujikawa aria2 0.16.0
tatsuhiro_tsujikawa aria2 0.16.1
tatsuhiro_tsujikawa aria2 0.16.2
tatsuhiro_tsujikawa aria2 1.0.0
tatsuhiro_tsujikawa aria2 1.0.1
tatsuhiro_tsujikawa aria2 1.1.0
tatsuhiro_tsujikawa aria2 1.1.1
tatsuhiro_tsujikawa aria2 1.1.2
tatsuhiro_tsujikawa aria2 1.2.0
tatsuhiro_tsujikawa aria2 1.3.0
tatsuhiro_tsujikawa aria2 1.3.1
tatsuhiro_tsujikawa aria2 1.3.2
tatsuhiro_tsujikawa aria2 1.3.3
tatsuhiro_tsujikawa aria2 1.4.0
tatsuhiro_tsujikawa aria2 1.4.1
tatsuhiro_tsujikawa aria2 1.5.0
tatsuhiro_tsujikawa aria2 1.5.0b\+20090716
tatsuhiro_tsujikawa aria2 1.5.1
tatsuhiro_tsujikawa aria2 1.5.2
tatsuhiro_tsujikawa aria2 1.6.0
tatsuhiro_tsujikawa aria2 1.6.1
tatsuhiro_tsujikawa aria2 1.6.2
tatsuhiro_tsujikawa aria2 1.6.3
tatsuhiro_tsujikawa aria2 1.7.0
tatsuhiro_tsujikawa aria2 1.7.1
tatsuhiro_tsujikawa aria2 1.7.2
tatsuhiro_tsujikawa aria2 1.8.0
tatsuhiro_tsujikawa aria2 1.8.1
tatsuhiro_tsujikawa aria2 1.8.2
tatsuhiro_tsujikawa aria2 1.8.3
tatsuhiro_tsujikawa aria2 1.9.0
tatsuhiro_tsujikawa aria2 1.9.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16CE187D-D7BC-44F2-B623-668452FE0509",
              "versionEndIncluding": "1.9.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03242A98-63A3-4225-952E-5AE318D7A92F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F34C9FCB-5DCD-4064-BA9E-3B77A6335EDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66FC43A1-0EE4-4346-ABAC-3E5C55B2E956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.2.1\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF9B5EC2-982F-43E0-AB41-CC4194EBD2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.2.1\\+2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21B5EB1-BEFD-4FC3-9B6E-9E8F4E31910A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F907E5D6-6F7F-40A9-BF6F-DC5DB7852EAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B81A9EB3-744D-4282-91F2-5DA5BC1DCA56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.3.1\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F851FBE-A34B-419D-B394-858DFA37EC40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.3.1\\+2:*:*:*:*:*:*:*",
              "matchCriteriaId": "251C3C4B-FB43-4183-BE8C-925D5BB535AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C39B80-9C81-4517-A3AD-D286A2E33CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA48EA83-80EA-4C89-A41D-27B170464396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "208DF477-AB91-43CB-B691-5EF00D896B2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "47E85C62-54E0-4D76-8DC3-94C55C7A52BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.5.0\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "972F3ADF-648D-4F64-A434-DECD0230AB41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.5.0\\+2:*:*:*:*:*:*:*",
              "matchCriteriaId": "92357F15-6DC4-482E-A2A8-D6F940E66008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B7DE66-BC37-4504-A165-982B2240D5EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "75431CA8-47D6-4A92-82B9-A384BE8E3A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C8D4A3C-01AD-41C0-850A-D33EF4DEA138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.6.0\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "105F4587-036E-4B2F-9838-EFFC234391C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07F30EE3-4649-4D92-8C6D-C0CBDFC009C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "89B992E4-510C-40C9-92F4-CADD82EFFDBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "01433988-EC45-4B43-BA1E-239A875A2E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A178F2-B101-4FDF-9778-398B6F75E0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7CEDC67-D0B2-4728-9229-CD2B8A9E99B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "913DD9CF-3C69-447A-9121-003B1D30292C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14F61EC6-B557-4E06-8D6D-83EDE600F1F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33AD13D7-D4A1-4793-BD66-E771B35B9EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.10.0\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC0EE14-59B6-4C58-841D-4F3C1C825DA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC67B23-1E8E-431C-A0E8-725B7B6E5A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4B12B9-3559-457E-8408-7D5A3237679C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.10.2\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB11940-40A7-4037-930C-716D8A7332E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB80C5A0-F28F-49DD-9859-67F0F132D2E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FCAE80-88E6-4025-B593-F9D9CB5A5C30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.1\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B879EAC9-436F-454C-9974-D3CAECB9C018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B6C0DE-FBEB-4704-B422-2D0689A120D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C997A75D-C176-4A6A-8997-D6F74BBBDF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "540A0ACA-6E2A-45DF-B3C4-37F1DB6AA1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FDABE1-D6AA-498A-9E75-29D4E2231565",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D21ADF-742F-4B5E-BE76-2D79BD090A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3B0EB4-BEE9-4EAA-B347-376C04550098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD4F3902-615A-4EDD-BB81-03841E686C42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.0\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B371FD0E-49A2-4A74-A047-16AC1FC5FB85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3427790A-846E-4F5D-B28A-3C175AEF6ADD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAAADBF9-839C-486D-821B-460DCEDAF548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.1\\+2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDDDEA8-6114-43F2-9FE7-393AF5E85380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "378CD567-A5CD-48E2-BCA6-5E08335685EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.13.2\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BEF6895-6555-48B2-8FED-2747BAAEB9C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5260D845-B580-49B7-8BEB-8EE3F0919BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.14.0\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "744775BE-7FAF-4FFC-8F68-81C2B6FD71FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19533000-5927-478D-A786-CB63E93948B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F2BDE0-CC4B-4C1C-9FFA-D4E3F5AA37DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\\+1:*:*:*:*:*:*:*",
              "matchCriteriaId": "973F6E89-D2E8-4C92-B534-43248587840D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.1\\+2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BC24DE0-7D6B-4284-A73A-E5982B49ACB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C66BAD-4A07-4FAB-9BFF-50FB37D06647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6798D1A2-F961-48C5-A2F6-086A3A2DB456",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F425AA-624E-41A9-83CD-19F913E39C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D3774F-C55C-40B6-A85D-DBD5DAE666C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:0.16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8315C60-79EF-4484-B54B-2E7E1FEB5FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9ED06F2-8669-4C90-BB22-5DDE01DFD4F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6D49DD-22BB-47DB-A6A7-7378A42B5ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "006FC04D-B81E-4828-9DAB-66A017C1D375",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "371FD10B-90BB-417C-A37E-F5C50EFAEF22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1FC3F03-3890-4466-8A0A-B020460B8507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40FAE4C8-7F23-4E67-BA06-276BC3A5DE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE6E9CCB-8DCF-41F8-A4DE-5B4D139E719A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0594B76-BE61-451D-8512-B9C81F476372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D248E3DA-D9FF-4A08-9C63-9B72AE946AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBCD24D-B863-4516-A7DD-1264D5D81BD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F72DB79-0C01-481A-A442-4489C5C859B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4166DE3D-3019-434F-9EC5-C74057F91F65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "836C565A-B1EB-4ED1-BCFB-EF60CFE9ED8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.0b\\+20090716:*:*:*:*:*:*:*",
              "matchCriteriaId": "C97AC9D6-897E-4347-B438-7940FB1A33FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4EB136B-45C1-439D-810F-E234267A44EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F49FE022-33DC-4F05-8D64-1E64816E391F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0ECA2A-043C-4C36-9618-E3EAE45AA5CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED6751D-3C46-454C-8D57-876E3263400C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB98974A-D4FB-4B2D-98E3-B0ED08855EAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB2BBA2-1E14-459B-B5A3-8012A40977D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BA8CB92-71A5-4C5E-813F-BD1F6B2D60B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A51A46D-952D-4601-B882-977CF53575FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA3DAFB5-4406-4AFE-8D9D-6A18C4DAA696",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "453B8906-BE63-407B-B861-9718EE6BB30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5844E49-FFD7-4304-BAAB-6C69CEC28B05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48109CEF-9592-4245-B9A6-13A2B012C0E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "765ED51C-9627-43DE-A39F-E9D4F56B0518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1608D80-3703-49FF-9A51-B6D043644EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tatsuhiro_tsujikawa:aria2:1.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B5F3B6-3D10-4F13-A53B-A4C99905728E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en aria2 anteriores a v1.9.3,  permite a atacantes remotos crear ficheros de su elecci\u00f3n al utilizar caracteres .. (punto punto) en el atributo \"name\" de un elemento fichero en un fichero metalink."
    }
  ],
  "id": "CVE-2010-1512",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-17T21:00:01.377",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://downloads.sourceforge.net/project/aria2/stable/aria2-1.9.3/NEWS"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39529"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/39872"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://secunia.com/advisories/42906"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-71/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://security.gentoo.org/glsa/glsa-201101-04.xml"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.debian.org/security/2010/dsa-2047"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:106"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.osvdb.org/64592"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/archive/1/511280/100/0/threaded"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40142"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2010/1228"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2010/1229"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.vupen.com/english/advisories/2011/0116"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://downloads.sourceforge.net/project/aria2/stable/aria2-1.9.3/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/39872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/secunia_research/2010-71/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201101-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2047"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/64592"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/511280/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/1229"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0116"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.