CVE-2010-1853 - OpenCVE

Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Transmissionbt	Transmission

Configuration 1 [-]

cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/39031	Vendor Advisory
http://trac.transmissionbt.com/changeset/10279
http://trac.transmissionbt.com/ticket/2965
http://trac.transmissionbt.com/wiki/Changes
http://www.osvdb.org/63066
http://www.securityfocus.com/bid/38814	Patch
http://www.vupen.com/english/advisories/2010/0655	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:21:00

Updated: 2022-10-03T16:21:00

Reserved: 2022-10-03T00:00:00

Link: CVE-2010-1853

JSON object: View

NVD Information

Status : Analyzed

Published: 2010-05-07T20:30:01.093

Modified: 2010-05-11T04:00:00.000

Link: CVE-2010-1853

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:21:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "38814", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38814"}, {"name": "63066", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/63066"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.transmissionbt.com/wiki/Changes"}, {"name": "ADV-2010-0655", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0655"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.transmissionbt.com/ticket/2965"}, {"name": "39031", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39031"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.transmissionbt.com/changeset/10279"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-1853", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "38814", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38814"}, {"name": "63066", "refsource": "OSVDB", "url": "http://www.osvdb.org/63066"}, {"name": "http://trac.transmissionbt.com/wiki/Changes", "refsource": "CONFIRM", "url": "http://trac.transmissionbt.com/wiki/Changes"}, {"name": "ADV-2010-0655", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0655"}, {"name": "http://trac.transmissionbt.com/ticket/2965", "refsource": "CONFIRM", "url": "http://trac.transmissionbt.com/ticket/2965"}, {"name": "39031", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39031"}, {"name": "http://trac.transmissionbt.com/changeset/10279", "refsource": "CONFIRM", "url": "http://trac.transmissionbt.com/changeset/10279"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-1853", "datePublished": "2022-10-03T16:21:00", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:21:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*", "matchCriteriaId": "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en la funci\u00f3n tr_magnetParse en libtransmission/magnet.c en Transmission v1.91, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de una URL manipulada con un n\u00famero de enlaces (1) tr o (2) ws muy grande."}], "id": "CVE-2010-1853", "lastModified": "2010-05-11T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-05-07T20:30:01.093", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39031"}, {"source": "cve@mitre.org", "url": "http://trac.transmissionbt.com/changeset/10279"}, {"source": "cve@mitre.org", "url": "http://trac.transmissionbt.com/ticket/2965"}, {"source": "cve@mitre.org", "url": "http://trac.transmissionbt.com/wiki/Changes"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/63066"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38814"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0655"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}