Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 11.0 |
| opensuse | opensuse | 11.1 |
| transmissionbt | transmission | 1.34 |
| opensuse | opensuse | 11.2 |
| transmissionbt | transmission | 1.22 |
| debian | debian_linux | 5.0 |
| transmissionbt | transmission | 1.76 |
| transmissionbt | transmission | 1.75 |
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| transmissionbt | transmission | 1.91 |
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| transmissionbt | transmission | 1.40 |
| transmissionbt | transmission | 1.04 |
| transmissionbt | transmission | 0.94 |
| transmissionbt | transmission | 2.10 |
| canonical | ubuntu_linux | 12.10 |
| transmissionbt | transmission | 2.42 |
| transmissionbt | transmission | 1.42 |
| transmissionbt | transmission | 1.75 |
| transmissionbt | transmission | 2.50 |
| transmissionbt | transmission | 2.33 |
| transmissionbt | transmission | 0.96 |
| transmissionbt | transmission | 1.91 |
| transmissionbt | transmission | 1.51 |
| transmissionbt | transmission | 2.72 |
| transmissionbt | transmission | 1.50 |
| transmissionbt | transmission | 1.90 |
| transmissionbt | transmission | 1.20 |
| transmissionbt | transmission | 0.2 |
| transmissionbt | transmission | 1.81 |
| transmissionbt | transmission | 2.13 |
| transmissionbt | transmission | 2.30 |
| transmissionbt | transmission | 1.60 |
| transmissionbt | transmission | 1.54 |
| transmissionbt | transmission | 2.41 |
| transmissionbt | transmission | 2.03 |
| transmissionbt | transmission | 1.83 |
| transmissionbt | transmission | 1.33 |
| transmissionbt | transmission | 1.53 |
| transmissionbt | transmission | 1.73 |
| transmissionbt | transmission | 2.31 |
| transmissionbt | transmission | * |
| transmissionbt | transmission | 1.03 |
| transmissionbt | transmission | 2.51 |
| transmissionbt | transmission | 1.34 |
| transmissionbt | transmission | 0.70 |
| transmissionbt | transmission | 0.1 |
| transmissionbt | transmission | 1.05 |
| transmissionbt | transmission | 0.81 |
| transmissionbt | transmission | 2.32 |
| transmissionbt | transmission | 1.10 |
| transmissionbt | transmission | 2.02 |
| transmissionbt | transmission | 0.80 |
| transmissionbt | transmission | 2.52 |
| transmissionbt | transmission | 2.70 |
| transmissionbt | transmission | 2.01 |
| transmissionbt | transmission | 2.61 |
| transmissionbt | transmission | 1.61 |
| transmissionbt | transmission | 1.71 |
| transmissionbt | transmission | 0.82 |
| transmissionbt | transmission | 1.2 |
| transmissionbt | transmission | 1.06 |
| transmissionbt | transmission | 1.11 |
| transmissionbt | transmission | 1.76 |
| transmissionbt | transmission | 2.00 |
| transmissionbt | transmission | 1.74 |
| transmissionbt | transmission | 1.21 |
| transmissionbt | transmission | 1.72 |
| transmissionbt | transmission | 1.00 |
| transmissionbt | transmission | 2.22 |
| transmissionbt | transmission | 1.82 |
| transmissionbt | transmission | 1.30 |
| transmissionbt | transmission | 1.93 |
| transmissionbt | transmission | 2.21 |
| transmissionbt | transmission | 1.52 |
| canonical | ubuntu_linux | 11.10 |
| transmissionbt | transmission | 2.11 |
| transmissionbt | transmission | 2.60 |
| transmissionbt | transmission | 1.70 |
| transmissionbt | transmission | 2.40 |
| transmissionbt | transmission | 1.31 |
| transmissionbt | transmission | 1.41 |
| transmissionbt | transmission | 1.22 |
| transmissionbt | transmission | 1.01 |
| transmissionbt | transmission | 1.92 |
| transmissionbt | transmission | 0.90 |
| transmissionbt | transmission | 2.04 |
| fedoraproject | fedora | 16 |
| transmissionbt | transmission | 2.20 |
| transmissionbt | transmission | 0.95 |
| transmissionbt | transmission | 0.92 |
| transmissionbt | transmission | 2.12 |
| transmissionbt | transmission | 1.02 |
| transmissionbt | transmission | 0.71 |
| transmissionbt | transmission | 0.5 |
| transmissionbt | transmission | 1.77 |
| transmissionbt | transmission | 0.91 |
| transmissionbt | transmission | 0.93 |
| transmissionbt | transmission | 0.6 |
| transmissionbt | transmission | 0.72 |
| transmissionbt | transmission | 0.6.1 |
| transmissionbt | transmission | 0.3 |
| transmissionbt | transmission | 2.71 |
| transmissionbt | transmission | 1.32 |
| canonical | ubuntu_linux | 12.04 |
| transmissionbt | transmission | 1.80 |
| transmissionbt | transmission | 0.4 |
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| transmissionbt | transmission | 1.40 |
| transmissionbt | transmission | 1.04 |
| transmissionbt | transmission | 0.94 |
| transmissionbt | transmission | 2.10 |
| transmissionbt | transmission | 2.42 |
| transmissionbt | transmission | 1.42 |
| transmissionbt | transmission | 1.75 |
| transmissionbt | transmission | 2.50 |
| transmissionbt | transmission | 2.33 |
| transmissionbt | transmission | 0.96 |
| transmissionbt | transmission | 1.91 |
| transmissionbt | transmission | 1.51 |
| transmissionbt | transmission | 2.72 |
| transmissionbt | transmission | 1.50 |
| transmissionbt | transmission | 1.90 |
| transmissionbt | transmission | 1.20 |
| transmissionbt | transmission | 0.2 |
| transmissionbt | transmission | 1.81 |
| transmissionbt | transmission | 2.13 |
| transmissionbt | transmission | 2.30 |
| transmissionbt | transmission | 1.60 |
| transmissionbt | transmission | 2.73 |
| transmissionbt | transmission | 2.81 |
| transmissionbt | transmission | 1.54 |
| transmissionbt | transmission | 2.41 |
| transmissionbt | transmission | 2.03 |
| gentoo | linux | * |
| transmissionbt | transmission | 1.83 |
| transmissionbt | transmission | 1.33 |
| transmissionbt | transmission | 1.53 |
| transmissionbt | transmission | 1.73 |
| transmissionbt | transmission | 2.31 |
| transmissionbt | transmission | * |
| transmissionbt | transmission | 1.03 |
| transmissionbt | transmission | 2.51 |
| transmissionbt | transmission | 1.34 |
| transmissionbt | transmission | 0.70 |
| transmissionbt | transmission | 0.1 |
| transmissionbt | transmission | 1.05 |
| transmissionbt | transmission | 0.81 |
| transmissionbt | transmission | 2.32 |
| transmissionbt | transmission | 1.10 |
| transmissionbt | transmission | 2.02 |
| transmissionbt | transmission | 0.80 |
| transmissionbt | transmission | 2.52 |
| transmissionbt | transmission | 2.70 |
| transmissionbt | transmission | 2.77 |
| fedoraproject | fedora | 20 |
| transmissionbt | transmission | 2.01 |
| transmissionbt | transmission | 2.61 |
| transmissionbt | transmission | 2.82 |
| transmissionbt | transmission | 1.61 |
| transmissionbt | transmission | 1.71 |
| transmissionbt | transmission | 0.82 |
| transmissionbt | transmission | 1.2 |
| transmissionbt | transmission | 1.06 |
| transmissionbt | transmission | 1.11 |
| transmissionbt | transmission | 1.76 |
| transmissionbt | transmission | 2.00 |
| transmissionbt | transmission | 1.74 |
| transmissionbt | transmission | 1.21 |
| transmissionbt | transmission | 1.72 |
| transmissionbt | transmission | 1.00 |
| transmissionbt | transmission | 2.22 |
| transmissionbt | transmission | 1.82 |
| transmissionbt | transmission | 1.30 |
| transmissionbt | transmission | 1.93 |
| transmissionbt | transmission | 2.21 |
| transmissionbt | transmission | 1.52 |
| transmissionbt | transmission | 2.80 |
| transmissionbt | transmission | 2.11 |
| transmissionbt | transmission | 2.60 |
| transmissionbt | transmission | 2.74 |
| transmissionbt | transmission | 1.70 |
| transmissionbt | transmission | 2.40 |
| transmissionbt | transmission | 1.31 |
| transmissionbt | transmission | 1.41 |
| transmissionbt | transmission | 1.22 |
| transmissionbt | transmission | 1.01 |
| transmissionbt | transmission | 1.92 |
| transmissionbt | transmission | 0.90 |
| transmissionbt | transmission | 2.04 |
| transmissionbt | transmission | 2.20 |
| canonical | ubuntu_linux | 14.04 |
| transmissionbt | transmission | 0.95 |
| transmissionbt | transmission | 0.92 |
| transmissionbt | transmission | 2.12 |
| transmissionbt | transmission | 1.02 |
| transmissionbt | transmission | 0.71 |
| transmissionbt | transmission | 2.75 |
| transmissionbt | transmission | 0.5 |
| transmissionbt | transmission | 1.77 |
| transmissionbt | transmission | 0.91 |
| transmissionbt | transmission | 0.93 |
| transmissionbt | transmission | 0.6 |
| transmissionbt | transmission | 0.72 |
| transmissionbt | transmission | 0.6.1 |
| canonical | ubuntu_linux | 13.10 |
| transmissionbt | transmission | 0.3 |
| transmissionbt | transmission | 2.71 |
| transmissionbt | transmission | 2.76 |
| transmissionbt | transmission | 1.32 |
| canonical | ubuntu_linux | 12.04 |
| transmissionbt | transmission | 1.80 |
| transmissionbt | transmission | 0.4 |
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-416,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 31 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| transmissionbt | transmission | * |
| fedoraproject | fedora | 32 |
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| transmissionbt | transmission | * |
| debian | debian_linux | 7.0 |