CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7164
https://notcve.org/view.php?id=CVE-2016-7164
The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response. La función construct en puff.cpp en Libtorrent 1.1.0 permite a los seguidores de torrent remotos provocar una denegación de servicio (fallo de segmentación y caída) a través de una respuesta GZIP manipulada. • http://www.openwall.com/lists/oss-security/2016/09/08/1 http://www.openwall.com/lists/oss-security/2016/09/08/7 http://www.securityfocus.com/bid/92891 https://github.com/arvidn/libtorrent/issues/1021 https://github.com/arvidn/libtorrent/pull/1022 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2016-5301
https://notcve.org/view.php?id=CVE-2016-5301
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. La función parse_chunk_header en libtorrent en versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) una respuesta HTTP o posiblemente (2) una difusión UPnP manipuladas. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00103.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00043.html http://www.openwall.com/lists/oss-security/2016/06/04/9 http://www.openwall.com/lists/oss-security/2016/06/05/1 http://www.securityfocus.com/bid/91498 https://github.com/arvidn/libtorrent/issues/780 https://github.com/arvidn/libtorrent/pull/782/files • CWE-20: Improper Input Validation •