Buffer overflow in Transmissionbt Transmission

CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transpor…

Vulnerability class: Buffer Overflow

EPSS: 0.027 (86.1th percentile) — read the EPSS interpretation.

Affected products

Transmissionbt Transmission — versions 0.1, 0.2, 0.3
Canonical Ubuntu_linux — versions 11.10, 12.04, 12.10
Fedoraproject Fedora — versions 16
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

openSUSE-SU-2013:0485 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_MISC)
USN-1747-1 (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_MISC)
[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely (mailing-list, x_refsource_MLIST)
secalert@redhat.com (Exploit, Patch, x_refsource_MISC)