Lucene search

MitreCVE-2008-4434

HistoryOct 03, 2008 - 10:22 p.m.

CVE-2008-4434

2008-10-0322:22:45

CWE-119

mitre

web.nvd.nist.gov

cve-2008-4434

buffer overflow

utorrent

bittorrent

denial of service

remote code execution

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.126

Percentile

95.5%

JSON

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

Affected configurations

Nvd

Node

utorrentutorrentRange≤1.7.7

utorrentutorrentMatch1.1.1

utorrentutorrentMatch1.1.3

utorrentutorrentMatch1.1.4

utorrentutorrentMatch1.1.5

utorrentutorrentMatch1.1.6

utorrentutorrentMatch1.1.7

utorrentutorrentMatch1.2

utorrentutorrentMatch1.2.1

utorrentutorrentMatch1.2.2

utorrentutorrentMatch1.3

utorrentutorrentMatch1.4

utorrentutorrentMatch1.4.2

utorrentutorrentMatch1.5

utorrentutorrentMatch1.6

utorrentutorrentMatch1.7

utorrentutorrentMatch1.7.1

utorrentutorrentMatch1.7.2

utorrentutorrentMatch1.7.3

utorrentutorrentMatch1.7.4

utorrentutorrentMatch1.7.5

utorrentutorrentMatch1.7.6

Node

bittorrentbittorrentRange≤6.0.3

bittorrentbittorrentMatch3.9.1

bittorrentbittorrentMatch4.0.0

bittorrentbittorrentMatch4.0.1

bittorrentbittorrentMatch4.0.2

bittorrentbittorrentMatch4.0.3

bittorrentbittorrentMatch4.0.4

bittorrentbittorrentMatch4.1.0

bittorrentbittorrentMatch4.1.1

bittorrentbittorrentMatch4.1.2

bittorrentbittorrentMatch4.1.3

bittorrentbittorrentMatch4.1.4

bittorrentbittorrentMatch4.1.5

bittorrentbittorrentMatch4.1.6

bittorrentbittorrentMatch4.1.7

bittorrentbittorrentMatch4.1.8

bittorrentbittorrentMatch4.2.0

bittorrentbittorrentMatch4.2.1

bittorrentbittorrentMatch4.2.2

bittorrentbittorrentMatch4.3.0

bittorrentbittorrentMatch4.3.1

bittorrentbittorrentMatch4.3.2

bittorrentbittorrentMatch4.3.3

bittorrentbittorrentMatch4.3.4

bittorrentbittorrentMatch4.3.5

bittorrentbittorrentMatch4.3.6

bittorrentbittorrentMatch4.4.0

bittorrentbittorrentMatch4.4.1

bittorrentbittorrentMatch4.9.2

bittorrentbittorrentMatch4.9.3

bittorrentbittorrentMatch4.9.4

bittorrentbittorrentMatch4.9.5

bittorrentbittorrentMatch4.9.6

bittorrentbittorrentMatch4.9.7

bittorrentbittorrentMatch4.9.8

bittorrentbittorrentMatch4.9.9

bittorrentbittorrentMatch4.20.0

bittorrentbittorrentMatch4.20.1

bittorrentbittorrentMatch4.20.2

bittorrentbittorrentMatch4.20.3

bittorrentbittorrentMatch4.20.4

bittorrentbittorrentMatch4.20.6

bittorrentbittorrentMatch4.20.7

bittorrentbittorrentMatch4.20.8

bittorrentbittorrentMatch4.20.9

bittorrentbittorrentMatch4.22.0

bittorrentbittorrentMatch4.22.1

bittorrentbittorrentMatch4.22.4

bittorrentbittorrentMatch4.24.0

bittorrentbittorrentMatch4.24.2

bittorrentbittorrentMatch4.26.0

bittorrentbittorrentMatch4.27.1

bittorrentbittorrentMatch4.27.2

bittorrentbittorrentMatch5.0.0

bittorrentbittorrentMatch5.0.1

bittorrentbittorrentMatch5.0.2

bittorrentbittorrentMatch5.0.3

bittorrentbittorrentMatch5.0.4

bittorrentbittorrentMatch5.0.5

bittorrentbittorrentMatch5.0.6

bittorrentbittorrentMatch5.0.7

bittorrentbittorrentMatch5.0.8

bittorrentbittorrentMatch5.0.9

bittorrentbittorrentMatch5.2.0

bittorrentbittorrentMatch6.0

bittorrentbittorrentMatch6.0.1

bittorrentbittorrentMatch6.0.2

VendorProductVersionCPE
utorrentutorrent*cpe:2.3:a:utorrent:utorrent:*:*:*:*:*:*:*:*
utorrentutorrent1.1.1cpe:2.3:a:utorrent:utorrent:1.1.1:*:*:*:*:*:*:*
utorrentutorrent1.1.3cpe:2.3:a:utorrent:utorrent:1.1.3:*:*:*:*:*:*:*
utorrentutorrent1.1.4cpe:2.3:a:utorrent:utorrent:1.1.4:*:*:*:*:*:*:*
utorrentutorrent1.1.5cpe:2.3:a:utorrent:utorrent:1.1.5:*:*:*:*:*:*:*
utorrentutorrent1.1.6cpe:2.3:a:utorrent:utorrent:1.1.6:*:*:*:*:*:*:*
utorrentutorrent1.1.7cpe:2.3:a:utorrent:utorrent:1.1.7:*:*:*:*:*:*:*
utorrentutorrent1.2cpe:2.3:a:utorrent:utorrent:1.2:*:*:*:*:*:*:*
utorrentutorrent1.2.1cpe:2.3:a:utorrent:utorrent:1.2.1:*:*:*:*:*:*:*
utorrentutorrent1.2.2cpe:2.3:a:utorrent:utorrent:1.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
utorrent	utorrent	*	cpe:2.3:a:utorrent:utorrent::::::::
utorrent	utorrent	1.1.1	cpe:2.3:a:utorrent:utorrent:1.1.1:::::::*
utorrent	utorrent	1.1.3	cpe:2.3:a:utorrent:utorrent:1.1.3:::::::*
utorrent	utorrent	1.1.4	cpe:2.3:a:utorrent:utorrent:1.1.4:::::::*
utorrent	utorrent	1.1.5	cpe:2.3:a:utorrent:utorrent:1.1.5:::::::*
utorrent	utorrent	1.1.6	cpe:2.3:a:utorrent:utorrent:1.1.6:::::::*
utorrent	utorrent	1.1.7	cpe:2.3:a:utorrent:utorrent:1.1.7:::::::*
utorrent	utorrent	1.2	cpe:2.3:a:utorrent:utorrent:1.2:::::::*
utorrent	utorrent	1.2.1	cpe:2.3:a:utorrent:utorrent:1.2.1:::::::*
utorrent	utorrent	1.2.2	cpe:2.3:a:utorrent:utorrent:1.2.2:::::::*

Rows per page:

1-10 of 891

References

forum.utorrent.com/viewtopic.php?id=44003

lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf

seclists.org/dailydave/2008/q3/0155.html

secunia.com/advisories/31441

secunia.com/advisories/31445

www.securityfocus.com/bid/30653

www.securitytracker.com/id?1020664

www.vupen.com/english/advisories/2008/2340

www.vupen.com/english/advisories/2008/2341

exchange.xforce.ibmcloud.com/vulnerabilities/44404

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.126

Percentile

95.5%

JSON

Related for CVE-2008-4434