CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
12.04
canonicalubuntu_linux
13.10
canonicalubuntu_linux
14.04
gentoolinux
*
transmissionbttransmission
𝑥
≤ 2.83
transmissionbttransmission
0.1
transmissionbttransmission
0.2
transmissionbttransmission
0.3
transmissionbttransmission
0.4
transmissionbttransmission
0.5
transmissionbttransmission
0.6
transmissionbttransmission
0.6.1
transmissionbttransmission
0.70
transmissionbttransmission
0.71
transmissionbttransmission
0.72
transmissionbttransmission
0.80
transmissionbttransmission
0.81
transmissionbttransmission
0.82
transmissionbttransmission
0.90
transmissionbttransmission
0.91
transmissionbttransmission
0.92
transmissionbttransmission
0.93
transmissionbttransmission
0.94
transmissionbttransmission
0.95
transmissionbttransmission
0.96
transmissionbttransmission
1.00
transmissionbttransmission
1.01
transmissionbttransmission
1.02
transmissionbttransmission
1.2
transmissionbttransmission
1.03
transmissionbttransmission
1.04
transmissionbttransmission
1.05
transmissionbttransmission
1.06
transmissionbttransmission
1.10
transmissionbttransmission
1.11
transmissionbttransmission
1.20
transmissionbttransmission
1.21
transmissionbttransmission
1.22
transmissionbttransmission
1.30
transmissionbttransmission
1.31
transmissionbttransmission
1.32
transmissionbttransmission
1.33
transmissionbttransmission
1.34
transmissionbttransmission
1.40
transmissionbttransmission
1.41
transmissionbttransmission
1.42
transmissionbttransmission
1.50
transmissionbttransmission
1.51
transmissionbttransmission
1.52
transmissionbttransmission
1.53
transmissionbttransmission
1.54
transmissionbttransmission
1.60
transmissionbttransmission
1.61
transmissionbttransmission
1.70
transmissionbttransmission
1.71
transmissionbttransmission
1.72
transmissionbttransmission
1.73
transmissionbttransmission
1.74
transmissionbttransmission
1.75
transmissionbttransmission
1.76
transmissionbttransmission
1.77
transmissionbttransmission
1.80
transmissionbttransmission
1.81
transmissionbttransmission
1.82
transmissionbttransmission
1.83
transmissionbttransmission
1.90
transmissionbttransmission
1.91
transmissionbttransmission
1.92
transmissionbttransmission
1.93
transmissionbttransmission
2.00
transmissionbttransmission
2.01
transmissionbttransmission
2.02
transmissionbttransmission
2.03
transmissionbttransmission
2.04
transmissionbttransmission
2.10
transmissionbttransmission
2.11
transmissionbttransmission
2.12
transmissionbttransmission
2.13
transmissionbttransmission
2.20
transmissionbttransmission
2.21
transmissionbttransmission
2.22
transmissionbttransmission
2.30
transmissionbttransmission
2.31
transmissionbttransmission
2.32
transmissionbttransmission
2.33
transmissionbttransmission
2.40
transmissionbttransmission
2.41
transmissionbttransmission
2.42
transmissionbttransmission
2.50
transmissionbttransmission
2.51
transmissionbttransmission
2.52
transmissionbttransmission
2.60
transmissionbttransmission
2.61
transmissionbttransmission
2.70
transmissionbttransmission
2.71
transmissionbttransmission
2.72
transmissionbttransmission
2.73
transmissionbttransmission
2.74
transmissionbttransmission
2.75
transmissionbttransmission
2.76
transmissionbttransmission
2.77
transmissionbttransmission
2.80
transmissionbttransmission
2.81
transmissionbttransmission
2.82
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
transmission
bookworm
3.00-2.1+deb12u1
fixed
bullseye
3.00-1
fixed
sid
4.0.6+dfsg-3
fixed
squeeze
not-affected
trixie
4.0.6+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
transmission
lucid
ignored
precise
Fixed 2.51-0ubuntu1.4
released
saucy
Fixed 2.82-0ubuntu1.1
released
trusty
Fixed 2.82-1.1ubuntu3.1
released
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
transmission
Amazon Linux 1
0:2.84-1.9.amzn1
fixed
transmission-cli
Amazon Linux 1
0:2.84-1.9.amzn1
fixed
transmission-common
Amazon Linux 1
0:2.84-1.9.amzn1
fixed
transmission-daemon
Amazon Linux 1
0:2.84-1.9.amzn1
fixed
transmission-debuginfo
Amazon Linux 1
0:2.84-1.9.amzn1
fixed
Common Weakness Enumeration
References