CVE-2014-4909

Published: 29/07/2014 Updated: 14/11/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission prior to 2.84 allows remote malicious users to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

Vulnerable Product

canonical ubuntu linux 13.10

canonical ubuntu linux 14.04

gentoo linux

fedoraproject fedora 20

canonical ubuntu linux 12.04

transmissionbt transmission 2.75

transmissionbt transmission 2.74

transmissionbt transmission 2.52

transmissionbt transmission 2.51

transmissionbt transmission 2.31

transmissionbt transmission 2.30

transmissionbt transmission 2.04

transmissionbt transmission 2.03

transmissionbt transmission 1.90

transmissionbt transmission 1.83

transmissionbt transmission 1.74

transmissionbt transmission 1.73

transmissionbt transmission 1.52

transmissionbt transmission 1.51

transmissionbt transmission 1.32

transmissionbt transmission 1.31

transmissionbt transmission 1.10

transmissionbt transmission 1.06

transmissionbt transmission 1.05

transmissionbt transmission 0.95

transmissionbt transmission 0.94

transmissionbt transmission 0.80

transmissionbt transmission 0.72

transmissionbt transmission 0.2

transmissionbt transmission 0.1

transmissionbt transmission 2.82

transmissionbt transmission 2.81

transmissionbt transmission 2.80

transmissionbt transmission 2.71

transmissionbt transmission 2.70

transmissionbt transmission 2.41

transmissionbt transmission 2.40

transmissionbt transmission 2.13

transmissionbt transmission

transmissionbt transmission 2.73

transmissionbt transmission 2.72

transmissionbt transmission 2.50

transmissionbt transmission 2.42

transmissionbt transmission 2.22

transmissionbt transmission 2.21

transmissionbt transmission 2.20

transmissionbt transmission 2.02

transmissionbt transmission 2.01

transmissionbt transmission 1.82

transmissionbt transmission 1.81

transmissionbt transmission 1.72

transmissionbt transmission 1.71

transmissionbt transmission 1.70

transmissionbt transmission 1.50

transmissionbt transmission 1.42

transmissionbt transmission 1.30

transmissionbt transmission 1.22

transmissionbt transmission 1.04

transmissionbt transmission 1.03

transmissionbt transmission 0.93

transmissionbt transmission 0.92

transmissionbt transmission 0.71

transmissionbt transmission 0.70

transmissionbt transmission 2.12

transmissionbt transmission 2.00

transmissionbt transmission 1.93

transmissionbt transmission 1.80

transmissionbt transmission 1.77

transmissionbt transmission 1.61

transmissionbt transmission 1.60

transmissionbt transmission 1.41

transmissionbt transmission 1.40

transmissionbt transmission 1.21

transmissionbt transmission 1.20

transmissionbt transmission 1.02

transmissionbt transmission 1.01

transmissionbt transmission 0.91

transmissionbt transmission 0.90

transmissionbt transmission 0.6.1

transmissionbt transmission 0.6

transmissionbt transmission 2.77

transmissionbt transmission 2.76

transmissionbt transmission 2.61

transmissionbt transmission 2.60

transmissionbt transmission 2.33

transmissionbt transmission 2.32

transmissionbt transmission 2.11

transmissionbt transmission 2.10

transmissionbt transmission 1.92

transmissionbt transmission 1.91

transmissionbt transmission 1.76

transmissionbt transmission 1.75

transmissionbt transmission 1.54

transmissionbt transmission 1.53

transmissionbt transmission 1.34

transmissionbt transmission 1.33

transmissionbt transmission 1.2

transmissionbt transmission 1.11

transmissionbt transmission 1.00

transmissionbt transmission 0.96

transmissionbt transmission 0.82

transmissionbt transmission 0.81

transmissionbt transmission 0.5

transmissionbt transmission 0.4

transmissionbt transmission 0.3

Vendor Advisories

Debian Bug report logs - #755985 transmission: CVE-2014-4909 Package: src:transmission; Maintainer for src:transmission is Sandro Tosi <morph@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 25 Jul 2014 06:45:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versio ...
Transmission could be made to crash or run programs if it received specially crafted network traffic ...
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write ...