CVE-2008-0646

EUVD-2008-0656
The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
deluge_teamdeluge
𝑥
≤ 0.5.8.2
rasterbar_softwarelibtorrent
𝑥
≤ 0.12
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
deluge
dapper
dne
edgy
dne
feisty
dne
gutsy
dne
hardy
dne
intrepid
dne
deluge-torrent
dapper
dne
edgy
dne
feisty
dne
gutsy
ignored
hardy
not-affected
intrepid
not-affected
libtorrent
dapper
not-affected
edgy
not-affected
feisty
not-affected
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
Common Weakness Enumeration
References
http://deluge-torrent.org/Changelog.php
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://secunia.com/advisories/28699
http://secunia.com/advisories/28700
http://secunia.com/advisories/28781
http://secunia.com/advisories/28782
http://www.securityfocus.com/bid/27597
http://www.vupen.com/english/advisories/2008/0383
http://www.vupen.com/english/advisories/2008/0384
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html
http://deluge-torrent.org/Changelog.php
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968
http://secunia.com/advisories/28699
http://secunia.com/advisories/28700
http://secunia.com/advisories/28781
http://secunia.com/advisories/28782
http://www.securityfocus.com/bid/27597
http://www.vupen.com/english/advisories/2008/0383
http://www.vupen.com/english/advisories/2008/0384
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html