CVE-2015-5685

Опубликовано: 13 авг. 2015

Источник: debian

EPSS Низкий

Описание

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libtorrent-rasterbar	fixed	1.0.6-1		package
libtorrent-rasterbar	no-dsa		jessie	package
libtorrent-rasterbar	no-dsa		wheezy	package

Примечания

Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e

EPSS

Процентиль: 89%

0.04981

Низкий

Связанные уязвимости

CVE-2015-5685

ubuntu

почти 10 лет назад

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."

CVE-2015-5685

nvd

почти 10 лет назад

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."

GHSA-2472-r3qx-5cf2

github

около 3 лет назад

The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."

EPSS

Процентиль: 89%

0.04981

Низкий