transmission up to 1.91 Magnet Link Argument input validation

Summaryinfo

A vulnerability described as problematic has been identified in transmission up to 1.91. This affects an unknown part of the component Magnet Link Handler. Such manipulation as part of Argument leads to input validation. This vulnerability is traded as CVE-2010-0748. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability was found in transmission up to 1.91. It has been rated as problematic. Affected by this issue is an unknown code block of the component Magnet Link Handler. The manipulation as part of a Argument leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is availability. CVE summarizes:

Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.

The weakness was shared 10/30/2019 (oss-sec). The advisory is available at openwall.com. This vulnerability is handled as CVE-2010-0748 since 02/26/2010. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. The technical details are unknown and an exploit is not available.

The vulnerability scanner Nessus provides a plugin with the ID 45463 (openSUSE Security Update : transmission (openSUSE-SU-2010:0089-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l.

Upgrading to version 1.92 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (45463). The entry VDB-144675 is related to this item. If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Name

• transmission

Version

• 1.0
• 1.1
• 1.2
• 1.3
• 1.4
• 1.5
• 1.6
• 1.7
• 1.8
• 1.9
• 1.10
• 1.11
• 1.12
• 1.13
• 1.14
• 1.15
• 1.16
• 1.17
• 1.18
• 1.19
• 1.20
• 1.21
• 1.22
• 1.23
• 1.24
• 1.25
• 1.26
• 1.27
• 1.28
• 1.29
• 1.30
• 1.31
• 1.32
• 1.33
• 1.34
• 1.35
• 1.36
• 1.37
• 1.38
• 1.39
• 1.40
• 1.41
• 1.42
• 1.43
• 1.44
• 1.45
• 1.46
• 1.47
• 1.48
• 1.49
• 1.50
• 1.51
• 1.52
• 1.53
• 1.54
• 1.55
• 1.56
• 1.57
• 1.58
• 1.59
• 1.60
• 1.61
• 1.62
• 1.63
• 1.64
• 1.65
• 1.66
• 1.67
• 1.68
• 1.69
• 1.70
• 1.71
• 1.72
• 1.73
• 1.74
• 1.75
• 1.76
• 1.77
• 1.78
• 1.79
• 1.80
• 1.81
• 1.82
• 1.83
• 1.84
• 1.85
• 1.86
• 1.87
• 1.88
• 1.89
• 1.90
• 1.91

Website

• Product: https://github.com/transmission/transmission/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion