CVE-2008-0364
published 2008-01-18CVE-2008-0364: Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows…
PriorityP426medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.89%
94.6th percentile
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
Affected
89 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bittorrent | bittorrent | <= 6.0.1 | — |
| bittorrent | bittorrent | <= 6.0 | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
| bittorrent | bittorrent | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw3m-wfv2-qhh9: Buffer overflow in the web interface in BitTorrent 6
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2008-7166 [MEDIUM] CWE-119 GHSA-xw3m-wfv2-qhh9: Buffer overflow in the web interface in BitTorrent 6
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
GHSA
GHSA-q395-g9g3-9q27: Buffer overflow in (1) BitTorrent 6
ghsa_unreviewed·2022-05-01
CVE-2008-0364 [MEDIUM] CWE-119 GHSA-q395-g9g3-9q27: Buffer overflow in (1) BitTorrent 6
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
Red Hat
Bittorent uses wcscpy() unsafely
vendor_redhat·CVSS 5.0
CVE-2008-0364 [MEDIUM] Bittorent uses wcscpy() unsafely
Bittorent uses wcscpy() unsafely
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
No detection rules found.
Bugzilla
CVE-2008-0364 Bittorent uses wcscpy() unsafely
bugzilla·2008-01-18·CVSS 5.0
CVE-2008-0364 [MEDIUM] CVE-2008-0364 Bittorent uses wcscpy() unsafely
CVE-2008-0364 Bittorent uses wcscpy() unsafely
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0364 to the following vulnerability:
Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent
1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series;
on Windows allows remote attackers to cause a denial of service
(application crash) via a long Unicode string representing a client
version identifier.
References:
http://aluigi.altervista.org/adv/ruttorrent-adv.txt
Discussion:
This seems to be Windows-only. The exploit code does nothing to our bittorrent,
it is written in python and never calls wcscpy().
Bugzilla
CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
bugzilla·2007-05-29·CVSS 6.0
CVE-2007-2692 [MEDIUM] CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
CVE-2007-2692 mysql SECURITY INVOKER functions do not drop privileges
Description of problem:
Functions declared as SECURITY INVOKER do not drop privileges upon
return and thus make it possible for an authenticated user calling
then can gain certain privileges.
Version-Release number of selected component (if applicable):
MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18
Discussion:
This issue was addressed in:
Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-0894.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html
---
Reporter changed to [email protected] by request of Jay Turner.
Bugzilla
CVE-2006-4031 MySQL improper permission revocation
bugzilla·2006-08-11·CVSS 2.1
CVE-2006-4031 [LOW] CVE-2006-4031 MySQL improper permission revocation
CVE-2006-4031 MySQL improper permission revocation
MySQL improper permission revocation
If a user has been granted permissions to create a MERGE table, even
after permissions have been revoked from the parent table, the user
can access the data via the MERGE table.
More information including a patch can be found here:
http://bugs.mysql.com/bug.php?id=15195
Discussion:
moving to security response parent bug
---
This issue was addressed in:
Red Hat Application Stack:
http://rhn.redhat.com/errata/RHSA-2007-0083.html
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0364.html
http://rhn.redhat.com/errata/RHSA-2008-0768.html
http://aluigi.altervista.org/adv/ruttorrent-adv.txthttp://aluigi.org/poc/ruttorrent.ziphttp://download.utorrent.com/1.7.6/utorrent-1.7.6.txthttp://forum.utorrent.com/viewtopic.php?id=29330http://secunia.com/advisories/28533http://secunia.com/advisories/28537http://securityreason.com/securityalert/3554http://www.securityfocus.com/archive/1/486426/100/0/threadedhttp://www.securityfocus.com/bid/27321https://exchange.xforce.ibmcloud.com/vulnerabilities/39719https://exchange.xforce.ibmcloud.com/vulnerabilities/39720http://aluigi.altervista.org/adv/ruttorrent-adv.txthttp://aluigi.org/poc/ruttorrent.ziphttp://download.utorrent.com/1.7.6/utorrent-1.7.6.txthttp://forum.utorrent.com/viewtopic.php?id=29330http://secunia.com/advisories/28533http://secunia.com/advisories/28537http://securityreason.com/securityalert/3554http://www.securityfocus.com/archive/1/486426/100/0/threadedhttp://www.securityfocus.com/bid/27321https://exchange.xforce.ibmcloud.com/vulnerabilities/39719https://exchange.xforce.ibmcloud.com/vulnerabilities/39720
2008-01-18
Published