3 results (0.005 seconds)

CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0

The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast. La función parse_chunk_header en libtorrent en versiones anteriores a 1.1.1 permite a atacantes remotos provocar una denegación de servicio (caída) a través de (1) una respuesta HTTP o posiblemente (2) una difusión UPnP manipuladas. • http://lists.opensuse.org/opensuse-updates/2016-06/msg00079.html http://lists.opensuse.org/opensuse-updates/2016-06/msg00103.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00043.html http://www.openwall.com/lists/oss-security/2016/06/04/9 http://www.openwall.com/lists/oss-security/2016/06/05/1 http://www.securityfocus.com/bid/91498 https://github.com/arvidn/libtorrent/issues/780 https://github.com/arvidn/libtorrent/pull/782/files • CWE-20: Improper Input Validation •

CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. Vulnerabilidad de salto de directorio en src/torrent_info.cpp en Rasterbar libtorrent anteriores a v0.14.4, utilizado en firetorrent, qBittorrent, deluge Torrent, y otras aplicaciones, permite a los atacantes remotos crear o sobrescribir archivos arbitrarios a través de .. (punto punto) y ruta relativa parciales en una elemento lista Modo archivo múltiple en un archivo . torrent. • http://census-labs.com/news/2009/06/08/libtorrent-rasterbar http://secunia.com/advisories/35277 http://secunia.com/advisories/35848 http://security.gentoo.org/glsa/glsa-200907-14.xml http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456 http://www.debian.org/security/2009/dsa-1815 http://www.mandriva.com/security/advisories?name=MDVSA-2009:139 http://www.securityfocus.com/archive/1/504151/100/0/threaded http://www.securityfocus.com/bid/35262 http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 1

The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message. La función recursiva bdecode en include/libtorrent/bencode.hpp en Rasterbar Software libtorrent versiones anteriores a 0.12.1, usado en Deluge versiones anteriores a 0.5.8.3 y en otros productos, permite a atacantes según contexto provocar una denegación de servicio (agotamiento de pila y caída) a través de un mensaje bencoded manipulado. • http://deluge-torrent.org/Changelog.php http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/benco • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •