CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 1CVE-2009-1760
https://notcve.org/view.php?id=CVE-2009-1760
Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file. Vulnerabilidad de salto de directorio en src/torrent_info.cpp en Rasterbar libtorrent anteriores a v0.14.4, utilizado en firetorrent, qBittorrent, deluge Torrent, y otras aplicaciones, permite a los atacantes remotos crear o sobrescribir archivos arbitrarios a través de .. (punto punto) y ruta relativa parciales en una elemento lista Modo archivo múltiple en un archivo . torrent. • http://census-labs.com/news/2009/06/08/libtorrent-rasterbar http://secunia.com/advisories/35277 http://secunia.com/advisories/35848 http://security.gentoo.org/glsa/glsa-200907-14.xml http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456 http://www.debian.org/security/2009/dsa-1815 http://www.mandriva.com/security/advisories?name=MDVSA-2009:139 http://www.securityfocus.com/archive/1/504151/100/0/threaded http://www.securityfocus.com/bid/35262 http:/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 1CVE-2008-0646
https://notcve.org/view.php?id=CVE-2008-0646
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message. La función recursiva bdecode en include/libtorrent/bencode.hpp en Rasterbar Software libtorrent versiones anteriores a 0.12.1, usado en Deluge versiones anteriores a 0.5.8.3 y en otros productos, permite a atacantes según contexto provocar una denegación de servicio (agotamiento de pila y caída) a través de un mensaje bencoded manipulado. • http://deluge-torrent.org/Changelog.php http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968 http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/benco • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •