MidnightBSD

Advisories for transmissionbt

CVE-2010-0012 MEDIUM

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
opensuse opensuse 11.0
opensuse opensuse 11.1
transmissionbt transmission 1.34
opensuse opensuse 11.2
transmissionbt transmission 1.22
debian debian_linux 5.0
transmissionbt transmission 1.76
transmissionbt transmission 1.75
CVE-2010-1853 MEDIUM

Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
transmissionbt transmission 1.91
CVE-2012-6129 HIGH

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
transmissionbt transmission 1.40
transmissionbt transmission 1.04
transmissionbt transmission 0.94
transmissionbt transmission 2.10
canonical ubuntu_linux 12.10
transmissionbt transmission 2.42
transmissionbt transmission 1.42
transmissionbt transmission 1.75
transmissionbt transmission 2.50
transmissionbt transmission 2.33
transmissionbt transmission 0.96
transmissionbt transmission 1.91
transmissionbt transmission 1.51
transmissionbt transmission 2.72
transmissionbt transmission 1.50
transmissionbt transmission 1.90
transmissionbt transmission 1.20
transmissionbt transmission 0.2
transmissionbt transmission 1.81
transmissionbt transmission 2.13
transmissionbt transmission 2.30
transmissionbt transmission 1.60
transmissionbt transmission 1.54
transmissionbt transmission 2.41
transmissionbt transmission 2.03
transmissionbt transmission 1.83
transmissionbt transmission 1.33
transmissionbt transmission 1.53
transmissionbt transmission 1.73
transmissionbt transmission 2.31
transmissionbt transmission *
transmissionbt transmission 1.03
transmissionbt transmission 2.51
transmissionbt transmission 1.34
transmissionbt transmission 0.70
transmissionbt transmission 0.1
transmissionbt transmission 1.05
transmissionbt transmission 0.81
transmissionbt transmission 2.32
transmissionbt transmission 1.10
transmissionbt transmission 2.02
transmissionbt transmission 0.80
transmissionbt transmission 2.52
transmissionbt transmission 2.70
transmissionbt transmission 2.01
transmissionbt transmission 2.61
transmissionbt transmission 1.61
transmissionbt transmission 1.71
transmissionbt transmission 0.82
transmissionbt transmission 1.2
transmissionbt transmission 1.06
transmissionbt transmission 1.11
transmissionbt transmission 1.76
transmissionbt transmission 2.00
transmissionbt transmission 1.74
transmissionbt transmission 1.21
transmissionbt transmission 1.72
transmissionbt transmission 1.00
transmissionbt transmission 2.22
transmissionbt transmission 1.82
transmissionbt transmission 1.30
transmissionbt transmission 1.93
transmissionbt transmission 2.21
transmissionbt transmission 1.52
canonical ubuntu_linux 11.10
transmissionbt transmission 2.11
transmissionbt transmission 2.60
transmissionbt transmission 1.70
transmissionbt transmission 2.40
transmissionbt transmission 1.31
transmissionbt transmission 1.41
transmissionbt transmission 1.22
transmissionbt transmission 1.01
transmissionbt transmission 1.92
transmissionbt transmission 0.90
transmissionbt transmission 2.04
fedoraproject fedora 16
transmissionbt transmission 2.20
transmissionbt transmission 0.95
transmissionbt transmission 0.92
transmissionbt transmission 2.12
transmissionbt transmission 1.02
transmissionbt transmission 0.71
transmissionbt transmission 0.5
transmissionbt transmission 1.77
transmissionbt transmission 0.91
transmissionbt transmission 0.93
transmissionbt transmission 0.6
transmissionbt transmission 0.72
transmissionbt transmission 0.6.1
transmissionbt transmission 0.3
transmissionbt transmission 2.71
transmissionbt transmission 1.32
canonical ubuntu_linux 12.04
transmissionbt transmission 1.80
transmissionbt transmission 0.4
CVE-2014-4909 MEDIUM

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
transmissionbt transmission 1.40
transmissionbt transmission 1.04
transmissionbt transmission 0.94
transmissionbt transmission 2.10
transmissionbt transmission 2.42
transmissionbt transmission 1.42
transmissionbt transmission 1.75
transmissionbt transmission 2.50
transmissionbt transmission 2.33
transmissionbt transmission 0.96
transmissionbt transmission 1.91
transmissionbt transmission 1.51
transmissionbt transmission 2.72
transmissionbt transmission 1.50
transmissionbt transmission 1.90
transmissionbt transmission 1.20
transmissionbt transmission 0.2
transmissionbt transmission 1.81
transmissionbt transmission 2.13
transmissionbt transmission 2.30
transmissionbt transmission 1.60
transmissionbt transmission 2.73
transmissionbt transmission 2.81
transmissionbt transmission 1.54
transmissionbt transmission 2.41
transmissionbt transmission 2.03
gentoo linux *
transmissionbt transmission 1.83
transmissionbt transmission 1.33
transmissionbt transmission 1.53
transmissionbt transmission 1.73
transmissionbt transmission 2.31
transmissionbt transmission *
transmissionbt transmission 1.03
transmissionbt transmission 2.51
transmissionbt transmission 1.34
transmissionbt transmission 0.70
transmissionbt transmission 0.1
transmissionbt transmission 1.05
transmissionbt transmission 0.81
transmissionbt transmission 2.32
transmissionbt transmission 1.10
transmissionbt transmission 2.02
transmissionbt transmission 0.80
transmissionbt transmission 2.52
transmissionbt transmission 2.70
transmissionbt transmission 2.77
fedoraproject fedora 20
transmissionbt transmission 2.01
transmissionbt transmission 2.61
transmissionbt transmission 2.82
transmissionbt transmission 1.61
transmissionbt transmission 1.71
transmissionbt transmission 0.82
transmissionbt transmission 1.2
transmissionbt transmission 1.06
transmissionbt transmission 1.11
transmissionbt transmission 1.76
transmissionbt transmission 2.00
transmissionbt transmission 1.74
transmissionbt transmission 1.21
transmissionbt transmission 1.72
transmissionbt transmission 1.00
transmissionbt transmission 2.22
transmissionbt transmission 1.82
transmissionbt transmission 1.30
transmissionbt transmission 1.93
transmissionbt transmission 2.21
transmissionbt transmission 1.52
transmissionbt transmission 2.80
transmissionbt transmission 2.11
transmissionbt transmission 2.60
transmissionbt transmission 2.74
transmissionbt transmission 1.70
transmissionbt transmission 2.40
transmissionbt transmission 1.31
transmissionbt transmission 1.41
transmissionbt transmission 1.22
transmissionbt transmission 1.01
transmissionbt transmission 1.92
transmissionbt transmission 0.90
transmissionbt transmission 2.04
transmissionbt transmission 2.20
canonical ubuntu_linux 14.04
transmissionbt transmission 0.95
transmissionbt transmission 0.92
transmissionbt transmission 2.12
transmissionbt transmission 1.02
transmissionbt transmission 0.71
transmissionbt transmission 2.75
transmissionbt transmission 0.5
transmissionbt transmission 1.77
transmissionbt transmission 0.91
transmissionbt transmission 0.93
transmissionbt transmission 0.6
transmissionbt transmission 0.72
transmissionbt transmission 0.6.1
canonical ubuntu_linux 13.10
transmissionbt transmission 0.3
transmissionbt transmission 2.71
transmissionbt transmission 2.76
transmissionbt transmission 1.32
canonical ubuntu_linux 12.04
transmissionbt transmission 1.80
transmissionbt transmission 0.4
CVE-2018-10756 MEDIUM

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
fedoraproject fedora 31
debian debian_linux 8.0
debian debian_linux 9.0
transmissionbt transmission *
fedoraproject fedora 32
CVE-2018-5702 MEDIUM

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
debian debian_linux 8.0
debian debian_linux 9.0
transmissionbt transmission *
debian debian_linux 7.0