CVE-2014-4909

2014-07-2914:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-4909

integer overflow

tr_bitfieldensurenthbitalloced function

bitfield.c

transmission

denial of service

execute arbitrary code

7.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

CPENameOperatorVersion
canonical:ubuntu_linuxcanonical ubuntu linuxeq13.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq12.04
fedoraproject:fedorafedoraproject fedoraeq20
gentoo:linuxgentoo linuxeq*
transmissionbt:transmissiontransmissionbt transmissioneq0.91
transmissionbt:transmissiontransmissionbt transmissioneq2.51
transmissionbt:transmissiontransmissionbt transmissioneq1.81
transmissionbt:transmissiontransmissionbt transmissioneq2.21
transmissionbt:transmissiontransmissionbt transmissioneq1.04

CPE	Name	Operator	Version
canonical:ubuntu_linux	canonical ubuntu linux	eq	13.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	12.04
fedoraproject:fedora	fedoraproject fedora	eq	20
gentoo:linux	gentoo linux	eq	*
transmissionbt:transmission	transmissionbt transmission	eq	0.91
transmissionbt:transmission	transmissionbt transmission	eq	2.51
transmissionbt:transmission	transmissionbt transmission	eq	1.81
transmissionbt:transmission	transmissionbt transmission	eq	2.21
transmissionbt:transmission	transmissionbt transmission	eq	1.04