CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Path Traversal
Severity
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
transmissionbttransmission
1.22
transmissionbttransmission
1.34
transmissionbttransmission
1.75
transmissionbttransmission
1.76
debiandebian_linux
5.0
opensuseopensuse
11.0
opensuseopensuse
11.1
opensuseopensuse
11.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
transmission
bullseye
3.00-1
fixed
bookworm
3.00-2.1+deb12u1
fixed
sid
4.0.6+dfsg-3
fixed
trixie
4.0.6+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
transmission
karmic
Fixed 1.75-0ubuntu2.2
released
jaunty
Fixed 1.51-0ubuntu3.1
released
intrepid
Fixed 1.34-0ubuntu2.3
released
hardy
Fixed 1.06-0ubuntu6.1
released
dapper
dne