CVE-2008-7166

Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header.  NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
bittorrentbittorrent
𝑥
≤ 6.0.1
bittorrentbittorrent
3.9.1
bittorrentbittorrent
4.0.0
bittorrentbittorrent
4.0.1
bittorrentbittorrent
4.0.2
bittorrentbittorrent
4.0.3
bittorrentbittorrent
4.0.4
bittorrentbittorrent
4.1.0
bittorrentbittorrent
4.1.1
bittorrentbittorrent
4.1.2
bittorrentbittorrent
4.1.3
bittorrentbittorrent
4.1.4
bittorrentbittorrent
4.1.5
bittorrentbittorrent
4.1.6
bittorrentbittorrent
4.1.7
bittorrentbittorrent
4.1.8
bittorrentbittorrent
4.2.0
bittorrentbittorrent
4.2.1
bittorrentbittorrent
4.2.2
bittorrentbittorrent
4.3.0
bittorrentbittorrent
4.3.1
bittorrentbittorrent
4.3.2
bittorrentbittorrent
4.3.3
bittorrentbittorrent
4.3.4
bittorrentbittorrent
4.3.5
bittorrentbittorrent
4.3.6
bittorrentbittorrent
4.4.0
bittorrentbittorrent
4.4.1
bittorrentbittorrent
4.9.2
bittorrentbittorrent
4.9.3
bittorrentbittorrent
4.9.4
bittorrentbittorrent
4.9.5
bittorrentbittorrent
4.9.6
bittorrentbittorrent
4.9.7
bittorrentbittorrent
4.9.8
bittorrentbittorrent
4.9.9
bittorrentbittorrent
4.20.0
bittorrentbittorrent
4.20.1
bittorrentbittorrent
4.20.2
bittorrentbittorrent
4.20.3
bittorrentbittorrent
4.20.4
bittorrentbittorrent
4.20.6
bittorrentbittorrent
4.20.7
bittorrentbittorrent
4.20.8
bittorrentbittorrent
4.20.9
bittorrentbittorrent
4.22.0
bittorrentbittorrent
4.22.1
bittorrentbittorrent
4.22.4
bittorrentbittorrent
4.24.0
bittorrentbittorrent
4.24.2
bittorrentbittorrent
4.26.0
bittorrentbittorrent
4.27.1
bittorrentbittorrent
4.27.2
bittorrentbittorrent
5.0.0
bittorrentbittorrent
5.0.1
bittorrentbittorrent
5.0.2
bittorrentbittorrent
5.0.3
bittorrentbittorrent
5.0.4
bittorrentbittorrent
5.0.5
bittorrentbittorrent
5.0.6
bittorrentbittorrent
5.0.7
bittorrentbittorrent
5.0.8
bittorrentbittorrent
5.0.9
bittorrentbittorrent
5.2.0
bittorrentbittorrent
6.0
utorrentutorrent
𝑥
≤ 1.7.6
utorrentutorrent
1.1.1
utorrentutorrent
1.1.3
utorrentutorrent
1.1.4
utorrentutorrent
1.1.5
utorrentutorrent
1.1.6
utorrentutorrent
1.1.7
utorrentutorrent
1.2
utorrentutorrent
1.2.1
utorrentutorrent
1.2.2
utorrentutorrent
1.3
utorrentutorrent
1.4
utorrentutorrent
1.4.2
utorrentutorrent
1.5
utorrentutorrent
1.6
utorrentutorrent
1.7
utorrentutorrent
1.7.1
utorrentutorrent
1.7.2
utorrentutorrent
1.7.3
utorrentutorrent
1.7.4
utorrentutorrent
1.7.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/ruttorrent2-adv.txt
http://osvdb.org/42825
http://osvdb.org/42826
http://secunia.com/advisories/28686
http://secunia.com/advisories/28695
http://www.vupen.com/english/advisories/2008/0326
http://www.vupen.com/english/advisories/2008/0327
http://aluigi.altervista.org/adv/ruttorrent2-adv.txt
http://osvdb.org/42825
http://osvdb.org/42826
http://secunia.com/advisories/28686
http://secunia.com/advisories/28695
http://www.vupen.com/english/advisories/2008/0326
http://www.vupen.com/english/advisories/2008/0327