MitreCVE-2009-1759CVE-2009-1759
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.5%
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rahul | dtorrent | 3.2.0 | cpe:2.3:a:rahul:dtorrent:3.2.0:*:*:*:*:*:*:* |
| rahul | dtorrent | 3.3.0 | cpe:2.3:a:rahul:dtorrent:3.3.0:*:*:*:*:*:*:* |
| rahul | dtorrent | 3.3.1 | cpe:2.3:a:rahul:dtorrent:3.3.1:*:*:*:*:*:*:* |
| rahul | dtorrent | 3.3.2 | cpe:2.3:a:rahul:dtorrent:3.3.2:*:*:*:*:*:*:* |
| rahul | ctorrent | 1.3.4 | cpe:2.3:a:rahul:ctorrent:1.3.4:*:*:*:*:*:*:* |
References
dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
secunia.com/advisories/34752
secunia.com/advisories/35499
secunia.com/advisories/36471
sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
www.debian.org/security/2009/dsa-1817
www.openwall.com/lists/oss-security/2009/05/20/3
www.securityfocus.com/bid/34584
www.vupen.com/english/advisories/2009/1092
bugzilla.redhat.com/show_bug.cgi?id=501813
exchange.xforce.ibmcloud.com/vulnerabilities/49959
www.exploit-db.com/exploits/8470
www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html
www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.5%