uTorrent buffer overflow

In uTorrent è stato trovato un punto critico di livello critico. É interessato una funzione sconosciuta. La manipolazione di un input sconosciuto se causa una vulnerabilità di classe buffer overflow. L'advisory è scaricabile da bugs.chromium.org. La pubblicazione è stata coordinata con la ditta produttrice. Questa vulnerabilità è identificata come CVE-2018-25042. Nella rete si effettua l'attacco. È stato dichiarato come non definito. Il miglior modo suggerito per attenuare il problema è aggiornamento all'ultima versione. Una possibile soluzione è stata pubblicata già prima e non dopo la pubblicazione della vulnerabilità.

Campo04/06/2022 14:2610/02/2023 09:5210/02/2023 09:55
nameuTorrentuTorrentuTorrent
risk222
cvss2_vuldb_basescore5.15.15.1
cvss2_vuldb_tempscore4.44.44.4
cvss2_vuldb_avNNN
cvss2_vuldb_acHHH
cvss2_vuldb_auNNN
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss3_meta_basescore5.05.06.3
cvss3_meta_tempscore4.84.86.2
cvss3_vuldb_basescore5.05.05.0
cvss3_vuldb_tempscore4.84.84.8
cvss3_vuldb_avNNN
cvss3_vuldb_acHHH
cvss3_vuldb_prNNN
cvss3_vuldb_uiRRR
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
advisoryquoteThe utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).The utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).The utorrent binary disables ASLR and /GS. This is a really bad idea. (Note that the binary is UPX packed, but this doesn't change any security properties).
date1517356800 (31/01/2018)1517356800 (31/01/2018)1517356800 (31/01/2018)
locationWebsiteWebsiteWebsite
typeBug ReportBug ReportBug Report
urlhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1524https://bugs.chromium.org/p/project-zero/issues/detail?id=1524https://bugs.chromium.org/p/project-zero/issues/detail?id=1524
coordination111
person_nameTavis OrmandyTavis OrmandyTavis Ormandy
person_nicknametavisotavisotaviso
price_0day$0-$5k$0-$5k$0-$5k
nameUpgradeUpgradeUpgrade
mischttps://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/https://www.scmagazineuk.com/utorrent-apps-vulnerable-to-remote-code-execution-information-disclosure/article/746248/
seealso113803 113804 113806 113807113803 113804 113806 113807113803 113804 113806 113807
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_rcCCC
cvss3_vuldb_eXXX
cvss3_vuldb_rlOOO
cvss3_vuldb_rcCCC
typePeer-to-Peer SoftwarePeer-to-Peer SoftwarePeer-to-Peer Software
cwe119 (buffer overflow)119 (buffer overflow)119 (buffer overflow)
cveCVE-2018-25042CVE-2018-25042CVE-2018-25042
responsibleVulDBVulDBVulDB
cve_assigned1654293600 (04/06/2022)1654293600 (04/06/2022)
cve_nvd_summaryA vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sU
cvss3_nvd_cH
cvss3_nvd_iH
cvss3_nvd_aH
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiP
cvss2_nvd_aiP
cvss3_cna_avN
cvss3_cna_acH
cvss3_cna_prN
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iL
cvss3_cna_aL
cve_cnaVulDB
cvss2_nvd_basescore6.8
cvss3_nvd_basescore8.8
cvss3_cna_basescore5.0

PrecedenteVisione D'insiemeIl prossimo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!