7.8

CVE-2008-0646

Exploit
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Deluge TeamDeluge Version <= 0.5.8.2
Rasterbar SoftwareLibtorrent Version <= 0.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.24% 0.806
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://deluge-torrent.org/Changelog.php
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968
Exploit
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://secunia.com/advisories/28699
Vendor Advisory
http://secunia.com/advisories/28700
http://secunia.com/advisories/28781
Vendor Advisory
http://secunia.com/advisories/28782
http://www.securityfocus.com/bid/27597
Patch
http://www.vupen.com/english/advisories/2008/0383
http://www.vupen.com/english/advisories/2008/0384
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html