Lucene search

[email protected]CVE-2008-4434

HistoryOct 03, 2008 - 10:22 p.m.

CVE-2008-4434

2008-10-0322:22:45

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4434

buffer overflow

utorrent

bittorrent

denial of service

remote code execution

nvd

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.126 Low

EPSS

Percentile

95.5%

JSON

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

Affected configurations

NVD

Node

utorrentutorrentRange≤1.7.7

utorrentutorrentMatch1.1.1

utorrentutorrentMatch1.1.3

utorrentutorrentMatch1.1.4

utorrentutorrentMatch1.1.5

utorrentutorrentMatch1.1.6

utorrentutorrentMatch1.1.7

utorrentutorrentMatch1.2

utorrentutorrentMatch1.2.1

utorrentutorrentMatch1.2.2

utorrentutorrentMatch1.3

utorrentutorrentMatch1.4

utorrentutorrentMatch1.4.2

utorrentutorrentMatch1.5

utorrentutorrentMatch1.6

utorrentutorrentMatch1.7

utorrentutorrentMatch1.7.1

utorrentutorrentMatch1.7.2

utorrentutorrentMatch1.7.3

utorrentutorrentMatch1.7.4

utorrentutorrentMatch1.7.5

utorrentutorrentMatch1.7.6

Node

bittorrentbittorrentRange≤6.0.3

bittorrentbittorrentMatch3.9.1

bittorrentbittorrentMatch4.0.0

bittorrentbittorrentMatch4.0.1

bittorrentbittorrentMatch4.0.2

bittorrentbittorrentMatch4.0.3

bittorrentbittorrentMatch4.0.4

bittorrentbittorrentMatch4.1.0

bittorrentbittorrentMatch4.1.1

bittorrentbittorrentMatch4.1.2

bittorrentbittorrentMatch4.1.3

bittorrentbittorrentMatch4.1.4

bittorrentbittorrentMatch4.1.5

bittorrentbittorrentMatch4.1.6

bittorrentbittorrentMatch4.1.7

bittorrentbittorrentMatch4.1.8

bittorrentbittorrentMatch4.2.0

bittorrentbittorrentMatch4.2.1

bittorrentbittorrentMatch4.2.2

bittorrentbittorrentMatch4.3.0

bittorrentbittorrentMatch4.3.1

bittorrentbittorrentMatch4.3.2

bittorrentbittorrentMatch4.3.3

bittorrentbittorrentMatch4.3.4

bittorrentbittorrentMatch4.3.5

bittorrentbittorrentMatch4.3.6

bittorrentbittorrentMatch4.4.0

bittorrentbittorrentMatch4.4.1

bittorrentbittorrentMatch4.9.2

bittorrentbittorrentMatch4.9.3

bittorrentbittorrentMatch4.9.4

bittorrentbittorrentMatch4.9.5

bittorrentbittorrentMatch4.9.6

bittorrentbittorrentMatch4.9.7

bittorrentbittorrentMatch4.9.8

bittorrentbittorrentMatch4.9.9

bittorrentbittorrentMatch4.20.0

bittorrentbittorrentMatch4.20.1

bittorrentbittorrentMatch4.20.2

bittorrentbittorrentMatch4.20.3

bittorrentbittorrentMatch4.20.4

bittorrentbittorrentMatch4.20.6

bittorrentbittorrentMatch4.20.7

bittorrentbittorrentMatch4.20.8

bittorrentbittorrentMatch4.20.9

bittorrentbittorrentMatch4.22.0

bittorrentbittorrentMatch4.22.1

bittorrentbittorrentMatch4.22.4

bittorrentbittorrentMatch4.24.0

bittorrentbittorrentMatch4.24.2

bittorrentbittorrentMatch4.26.0

bittorrentbittorrentMatch4.27.1

bittorrentbittorrentMatch4.27.2

bittorrentbittorrentMatch5.0.0

bittorrentbittorrentMatch5.0.1

bittorrentbittorrentMatch5.0.2

bittorrentbittorrentMatch5.0.3

bittorrentbittorrentMatch5.0.4

bittorrentbittorrentMatch5.0.5

bittorrentbittorrentMatch5.0.6

bittorrentbittorrentMatch5.0.7

bittorrentbittorrentMatch5.0.8

bittorrentbittorrentMatch5.0.9

bittorrentbittorrentMatch5.2.0

bittorrentbittorrentMatch6.0

bittorrentbittorrentMatch6.0.1

bittorrentbittorrentMatch6.0.2

CPENameOperatorVersion
utorrent:utorrentutorrentle1.7.7
utorrent:utorrentutorrenteq1.1.1
utorrent:utorrentutorrenteq1.1.3
utorrent:utorrentutorrenteq1.1.4
utorrent:utorrentutorrenteq1.1.5
utorrent:utorrentutorrenteq1.1.6
utorrent:utorrentutorrenteq1.1.7
utorrent:utorrentutorrenteq1.2
utorrent:utorrentutorrenteq1.2.1
utorrent:utorrentutorrenteq1.2.2

CPE	Name	Operator	Version
utorrent:utorrent	utorrent	le	1.7.7
utorrent:utorrent	utorrent	eq	1.1.1
utorrent:utorrent	utorrent	eq	1.1.3
utorrent:utorrent	utorrent	eq	1.1.4
utorrent:utorrent	utorrent	eq	1.1.5
utorrent:utorrent	utorrent	eq	1.1.6
utorrent:utorrent	utorrent	eq	1.1.7
utorrent:utorrent	utorrent	eq	1.2
utorrent:utorrent	utorrent	eq	1.2.1
utorrent:utorrent	utorrent	eq	1.2.2

Rows per page:

1-10 of 221

References

forum.utorrent.com/viewtopic.php?id=44003

lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf

seclists.org/dailydave/2008/q3/0155.html

secunia.com/advisories/31441

secunia.com/advisories/31445

www.securityfocus.com/bid/30653

www.securitytracker.com/id?1020664

www.vupen.com/english/advisories/2008/2340

www.vupen.com/english/advisories/2008/2341

exchange.xforce.ibmcloud.com/vulnerabilities/44404

8.1 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.126 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2008-4434

cvelist1 prion1 kaspersky1 nvd1