6.8

CVE-2014-4909

Exploit
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 Update- Editionlts
CanonicalUbuntu Linux Version13.10
CanonicalUbuntu Linux Version14.04 SwEditionlts
FedoraprojectFedora Version20
TransmissionbtTransmission Version <= 2.83
TransmissionbtTransmission Version0.1
TransmissionbtTransmission Version0.2
TransmissionbtTransmission Version0.3
TransmissionbtTransmission Version0.4
TransmissionbtTransmission Version0.5
TransmissionbtTransmission Version0.6
TransmissionbtTransmission Version0.6.1
TransmissionbtTransmission Version0.70
TransmissionbtTransmission Version0.71
TransmissionbtTransmission Version0.72
TransmissionbtTransmission Version0.80
TransmissionbtTransmission Version0.81
TransmissionbtTransmission Version0.82
TransmissionbtTransmission Version0.90
TransmissionbtTransmission Version0.91
TransmissionbtTransmission Version0.92
TransmissionbtTransmission Version0.93
TransmissionbtTransmission Version0.94
TransmissionbtTransmission Version0.95
TransmissionbtTransmission Version0.96
TransmissionbtTransmission Version1.00
TransmissionbtTransmission Version1.01
TransmissionbtTransmission Version1.02
TransmissionbtTransmission Version1.2
TransmissionbtTransmission Version1.03
TransmissionbtTransmission Version1.04
TransmissionbtTransmission Version1.05
TransmissionbtTransmission Version1.06
TransmissionbtTransmission Version1.10
TransmissionbtTransmission Version1.11
TransmissionbtTransmission Version1.20
TransmissionbtTransmission Version1.21
TransmissionbtTransmission Version1.22
TransmissionbtTransmission Version1.30
TransmissionbtTransmission Version1.31
TransmissionbtTransmission Version1.32
TransmissionbtTransmission Version1.33
TransmissionbtTransmission Version1.34
TransmissionbtTransmission Version1.40
TransmissionbtTransmission Version1.41
TransmissionbtTransmission Version1.42
TransmissionbtTransmission Version1.50
TransmissionbtTransmission Version1.51
TransmissionbtTransmission Version1.52
TransmissionbtTransmission Version1.53
TransmissionbtTransmission Version1.54
TransmissionbtTransmission Version1.60
TransmissionbtTransmission Version1.61
TransmissionbtTransmission Version1.70
TransmissionbtTransmission Version1.71
TransmissionbtTransmission Version1.72
TransmissionbtTransmission Version1.73
TransmissionbtTransmission Version1.74
TransmissionbtTransmission Version1.75
TransmissionbtTransmission Version1.76
TransmissionbtTransmission Version1.77
TransmissionbtTransmission Version1.80
TransmissionbtTransmission Version1.81
TransmissionbtTransmission Version1.82
TransmissionbtTransmission Version1.83
TransmissionbtTransmission Version1.90
TransmissionbtTransmission Version1.91
TransmissionbtTransmission Version1.92
TransmissionbtTransmission Version1.93
TransmissionbtTransmission Version2.00
TransmissionbtTransmission Version2.01
TransmissionbtTransmission Version2.02
TransmissionbtTransmission Version2.03
TransmissionbtTransmission Version2.04
TransmissionbtTransmission Version2.10
TransmissionbtTransmission Version2.11
TransmissionbtTransmission Version2.12
TransmissionbtTransmission Version2.13
TransmissionbtTransmission Version2.20
TransmissionbtTransmission Version2.21
TransmissionbtTransmission Version2.22
TransmissionbtTransmission Version2.30
TransmissionbtTransmission Version2.31
TransmissionbtTransmission Version2.32
TransmissionbtTransmission Version2.33
TransmissionbtTransmission Version2.40
TransmissionbtTransmission Version2.41
TransmissionbtTransmission Version2.42
TransmissionbtTransmission Version2.50
TransmissionbtTransmission Version2.51
TransmissionbtTransmission Version2.52
TransmissionbtTransmission Version2.60
TransmissionbtTransmission Version2.61
TransmissionbtTransmission Version2.70
TransmissionbtTransmission Version2.71
TransmissionbtTransmission Version2.72
TransmissionbtTransmission Version2.73
TransmissionbtTransmission Version2.74
TransmissionbtTransmission Version2.75
TransmissionbtTransmission Version2.76
TransmissionbtTransmission Version2.77
TransmissionbtTransmission Version2.80
TransmissionbtTransmission Version2.81
TransmissionbtTransmission Version2.82
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.41% 0.917
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://inertiawar.com/submission.go
Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html
http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html
http://secunia.com/advisories/59897
http://secunia.com/advisories/60108
http://secunia.com/advisories/60527
http://www.debian.org/security/2014/dsa-2988
http://www.openwall.com/lists/oss-security/2014/07/10/4
http://www.openwall.com/lists/oss-security/2014/07/11/5
http://www.osvdb.org/108997
http://www.securityfocus.com/bid/68487
http://www.ubuntu.com/usn/USN-2279-1
https://bugs.gentoo.org/show_bug.cgi?id=516822
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
https://trac.transmissionbt.com/wiki/Changes#version-2.84
Vendor Advisory
https://twitter.com/benhawkes/statuses/484378151959539712