CVE-2008-4434

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
VendorProductVersion
utorrentutorrent
𝑥
≤ 1.7.7
utorrentutorrent
1.1.1
utorrentutorrent
1.1.3
utorrentutorrent
1.1.4
utorrentutorrent
1.1.5
utorrentutorrent
1.1.6
utorrentutorrent
1.1.7
utorrentutorrent
1.2
utorrentutorrent
1.2.1
utorrentutorrent
1.2.2
utorrentutorrent
1.3
utorrentutorrent
1.4
utorrentutorrent
1.4.2
utorrentutorrent
1.5
utorrentutorrent
1.6
utorrentutorrent
1.7
utorrentutorrent
1.7.1
utorrentutorrent
1.7.2
utorrentutorrent
1.7.3
utorrentutorrent
1.7.4
utorrentutorrent
1.7.5
utorrentutorrent
1.7.6
bittorrentbittorrent
𝑥
≤ 6.0.3
bittorrentbittorrent
3.9.1
bittorrentbittorrent
4.0.0
bittorrentbittorrent
4.0.1
bittorrentbittorrent
4.0.2
bittorrentbittorrent
4.0.3
bittorrentbittorrent
4.0.4
bittorrentbittorrent
4.1.0
bittorrentbittorrent
4.1.1
bittorrentbittorrent
4.1.2
bittorrentbittorrent
4.1.3
bittorrentbittorrent
4.1.4
bittorrentbittorrent
4.1.5
bittorrentbittorrent
4.1.6
bittorrentbittorrent
4.1.7
bittorrentbittorrent
4.1.8
bittorrentbittorrent
4.2.0
bittorrentbittorrent
4.2.1
bittorrentbittorrent
4.2.2
bittorrentbittorrent
4.3.0
bittorrentbittorrent
4.3.1
bittorrentbittorrent
4.3.2
bittorrentbittorrent
4.3.3
bittorrentbittorrent
4.3.4
bittorrentbittorrent
4.3.5
bittorrentbittorrent
4.3.6
bittorrentbittorrent
4.4.0
bittorrentbittorrent
4.4.1
bittorrentbittorrent
4.9.2
bittorrentbittorrent
4.9.3
bittorrentbittorrent
4.9.4
bittorrentbittorrent
4.9.5
bittorrentbittorrent
4.9.6
bittorrentbittorrent
4.9.7
bittorrentbittorrent
4.9.8
bittorrentbittorrent
4.9.9
bittorrentbittorrent
4.20.0
bittorrentbittorrent
4.20.1
bittorrentbittorrent
4.20.2
bittorrentbittorrent
4.20.3
bittorrentbittorrent
4.20.4
bittorrentbittorrent
4.20.6
bittorrentbittorrent
4.20.7
bittorrentbittorrent
4.20.8
bittorrentbittorrent
4.20.9
bittorrentbittorrent
4.22.0
bittorrentbittorrent
4.22.1
bittorrentbittorrent
4.22.4
bittorrentbittorrent
4.24.0
bittorrentbittorrent
4.24.2
bittorrentbittorrent
4.26.0
bittorrentbittorrent
4.27.1
bittorrentbittorrent
4.27.2
bittorrentbittorrent
5.0.0
bittorrentbittorrent
5.0.1
bittorrentbittorrent
5.0.2
bittorrentbittorrent
5.0.3
bittorrentbittorrent
5.0.4
bittorrentbittorrent
5.0.5
bittorrentbittorrent
5.0.6
bittorrentbittorrent
5.0.7
bittorrentbittorrent
5.0.8
bittorrentbittorrent
5.0.9
bittorrentbittorrent
5.2.0
bittorrentbittorrent
6.0
bittorrentbittorrent
6.0.1
bittorrentbittorrent
6.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://forum.utorrent.com/viewtopic.php?id=44003
http://lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf
http://seclists.org/dailydave/2008/q3/0155.html
http://secunia.com/advisories/31441
http://secunia.com/advisories/31445
http://www.securityfocus.com/bid/30653
http://www.securitytracker.com/id?1020664
http://www.vupen.com/english/advisories/2008/2340
http://www.vupen.com/english/advisories/2008/2341
https://exchange.xforce.ibmcloud.com/vulnerabilities/44404
http://forum.utorrent.com/viewtopic.php?id=44003
http://lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf
http://seclists.org/dailydave/2008/q3/0155.html
http://secunia.com/advisories/31441
http://secunia.com/advisories/31445
http://www.securityfocus.com/bid/30653
http://www.securitytracker.com/id?1020664
http://www.vupen.com/english/advisories/2008/2340
http://www.vupen.com/english/advisories/2008/2341
https://exchange.xforce.ibmcloud.com/vulnerabilities/44404