[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-4909Date: (C)2014-08-01   (M)2023-12-22


Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
OSVDB-108997
SECUNIA-59897
SECUNIA-60108
SECUNIA-60527
BID-68487
DSA-2988
FEDORA-2014-8331
USN-2279-1
http://www.openwall.com/lists/oss-security/2014/07/10/4
http://www.openwall.com/lists/oss-security/2014/07/11/5
http://inertiawar.com/submission.go
https://bugs.gentoo.org/show_bug.cgi?id=516822
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
https://trac.transmissionbt.com/wiki/Changes#version-2.84
https://twitter.com/benhawkes/statuses/484378151959539712
openSUSE-SU-2014:0980

CPE    105
cpe:/a:transmissionbt:transmission:2.42
cpe:/a:transmissionbt:transmission:1.74
cpe:/a:transmissionbt:transmission:1.75
cpe:/a:transmissionbt:transmission:2.40
...
CWE    1
CWE-189
OVAL    6
oval:org.secpod.oval:def:52257
oval:org.secpod.oval:def:107355
oval:org.secpod.oval:def:107191
oval:org.secpod.oval:def:1600105
...

© SecPod Technologies