ktorrent -- multiple vulnerabilities

ID 73F53712-D028-11DB-8C07-0211D85F11FB
Type freebsd
Reporter FreeBSD
Modified 2007-03-14T00:00:00


Two problems have been found in KTorrent:

KTorrent does not properly sanitize file names to filter out ".." components, so it's possible for an attacker to create a malicious torrent in order to overwrite arbitrary files within the filesystem. Messages with invalid chunk indexes aren't rejected.