9.3

CVE-2009-1759

Exploit
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RahulDtorrent Version3.2.0
RahulDtorrent Version3.3.0
RahulDtorrent Version3.3.1
RahulDtorrent Version3.3.2
RahulCtorrent Version1.3.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 14.14% 0.961
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
Patch
http://secunia.com/advisories/34752
Vendor Advisory
http://secunia.com/advisories/35499
http://secunia.com/advisories/36471
http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
http://www.debian.org/security/2009/dsa-1817
http://www.openwall.com/lists/oss-security/2009/05/20/3
Patch
http://www.securityfocus.com/bid/34584
Patch
Exploit
http://www.vupen.com/english/advisories/2009/1092
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=501813
https://exchange.xforce.ibmcloud.com/vulnerabilities/49959
https://www.exploit-db.com/exploits/8470
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html