CVE-2012-6129
HIGH severity · CVSS 7.5 · Memory corruption
7.5CVSS HIGH
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)5%
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: https://trac.transmissionbt.com/changeset/13646 ↗
Additional information
- NVD record
- https://trac.transmissionbt.com/changeset/13646Patch
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html
- http://www.openwall.com/lists/oss-security/2013/02/13/1
- http://www.ubuntu.com/usn/USN-1747-1
- https://bugzilla.redhat.com/show_bug.cgi?id=909934
- https://trac.transmissionbt.com/ticket/5002