CVE-2020-8437

Опубликовано: 02 мар. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

Ссылки

https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html
Exploit
Third Party Advisory
https://forum.utorrent.com/forum/13-announcements/
Vendor Advisory
https://twitter.com/va_start
Third Party Advisory
https://utclient.utorrent.com/offers/beta_release_notes/release_notes.html
Release Notes
Vendor Advisory
https://blog.whtaguy.com/2020/09/utorrent-cve-2020-8437-vulnerability.html
Exploit
Third Party Advisory
https://forum.utorrent.com/forum/13-announcements/
Vendor Advisory
https://twitter.com/va_start
Third Party Advisory
https://utclient.utorrent.com/offers/beta_release_notes/release_notes.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bittorrent:utorrent:*:*:*:*:*:*:*:*

Версия до 3.5.5 (включая)

EPSS

Процентиль: 95%

0.20726

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-f77w-22mg-cg9g