CVE-2017-9847

Опубликовано: 24 июн. 2017

Источник: debian

Описание

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libtorrent-rasterbar	fixed	1.1.4-1		package
libtorrent-rasterbar	no-dsa		stretch	package
libtorrent-rasterbar	no-dsa		jessie	package
libtorrent-rasterbar	not-affected		wheezy	package

Примечания

https://github.com/arvidn/libtorrent/issues/2099
Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
Pre-1.1.0 versions possibly similarly affected in lazy_bdecode.cpp

Связанные уязвимости

CVE-2017-9847

CVSS3: 5.5

ubuntu

больше 8 лет назад

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

CVE-2017-9847

CVSS3: 5.5

nvd

больше 8 лет назад

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.

GHSA-cprj-g8xp-69pf

CVSS3: 5.5

github

больше 3 лет назад

The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.