10 matches found
CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG
Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE Message Stream Encryption handshake derives its 160-bit Diffie-Hellman private key from Perl's rand, a non-cryptographic drand48-class generator seeded once per...
CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...
EUVD-2026-40290
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...
CVE-2026-57079
Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...
EUVD-2026-40288
Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...
Wireshark 安全漏洞
Wireshark is a set of network packet analysis tools developed by the Wireshark team. The software’s function is to capture network packets and display detailed data for analysis. Versions of Wireshark from 4.6.0 to 4.6.4, as well as 4.4.0 to 4.4.14, have security vulnerabilities. These...
UAT-9244 targets South American telecommunication providers with three new malware implants
Cisco Talos is disclosing UAT-9244, who we assess with high confidence is a China-nexus advanced persistent threat APT actor closely associated with Famous Sparrow. Since 2024, UAT-9244 has targeted critical telecommunications infrastructure, including Windows and Linux-based endpoints and edge...
The vulnerability of BitTorrent DHT traffic analyzer software from Wireshark allows a hacker to cause a service failure.
The vulnerability of BitTorrent DHT traffic analyzer software from Wireshark involves executing a loop with an unavailable exit condition. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted packets...
Gazelle cross-site scripting vulnerability (CNVD-2017-05628)
Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...
UBUNTU-CVE-2015-5685
The lazybdecode function in BitTorrent DHT bootstrap server bootstrap-dht allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing."...