Vulnerability CVE-2008-0646


Published: 2008-02-07   Modified: 2012-02-12

Description:
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message.

Type:
CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Affected software:
Rasterbar software -> Libtorrent
Deluge team -> Deluge

References:
http://www.securityfocus.com/bid/27597
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html
http://www.vupen.com/english/advisories/2008/0384
http://www.vupen.com/english/advisories/2008/0383
http://secunia.com/advisories/28781
http://secunia.com/advisories/28700
http://secunia.com/advisories/28699
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968
http://deluge-torrent.org/Changelog.php
http://secunia.com/advisories/28782

Copyright 2024, cxsecurity.com
