Integer Overflow Vulnerability in Transmission by The Transmission Project
CVE-2014-4909

Currently unrated

Key Information:

Vendor: Canonical
CVE Published: 29 July 2014

Summary

An integer overflow vulnerability exists in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission versions prior to 2.84. Remote attackers can send a specially crafted peer message that triggers an out-of-bounds write, causing a denial of service or potentially allowing arbitrary code execution. Users of affected versions are advised to update to version 2.84 or later.

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
