uTorrent memory corruption

A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. The CWE definition for the vulnerability is CWE-119. The weakness was published 01/31/2018 by Tavis Ormandy (taviso) as Bug Report (Website). The advisory is shared at bugs.chromium.org. The public release was coordinated in cooperation with the vendor. This vulnerability is uniquely identified as CVE-2018-25042. It is possible to initiate the attack remotely. There are no technical details available. There is no exploit available. The price for an exploit might be around USD $0-$5k at the moment. It is declared as not defined. We expect the 0-day to have been worth approximately $0-$5k. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

Field06/04/2022 14:2602/10/2023 09:5202/10/2023 09:55
nameuTorrentuTorrentuTorrent
risk222
cvss2_vuldb_basescore5.15.15.1
cvss2_vuldb_tempscore4.44.44.4
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.05.06.3
cvss3_meta_tempscore4.84.86.2
cvss3_vuldb_basescore5.05.05.0
cvss3_vuldb_tempscore4.84.84.8
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
advisoryquoteThe utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).The utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).The utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).
date1517356800 (01/31/2018)1517356800 (01/31/2018)1517356800 (01/31/2018)
locationWebsiteWebsiteWebsite
typeBug ReportBug ReportBug Report
urlhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1524https://bugs.chromium.org/p/project-zero/issues/detail?id=1524https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
coordination111
person_nameTavis OrmandyTavis OrmandyTavis Ormandy
person_nicknametavisotavisotaviso
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
mischttps://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/
seealso113803 113804 113806 113807113803 113804 113806 113807113803 113804 113806 113807
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
typePeer-to-Peer SoftwarePeer-to-Peer SoftwarePeer-to-Peer Software
cwe119 (memory corruption)119 (memory corruption)119 (memory corruption)
cveCVE-2018-25042CVE-2018-25042CVE-2018-25042
responsibleVulDBVulDBVulDB
cve_assigned1654293600 (06/04/2022)1654293600 (06/04/2022)
cve_nvd_summaryA vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acH
cvss3_cna_prN
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.8
cvss3_nvd_basescore8.8
cvss3_cna_basescore5.0

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!