CVE-2009-1759
Published 2009-05-22
CVE-2009-1759: Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and…
Priority P352 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 14.14% (96.1th percentile)
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | ctorrent | < ctorrent 1.3.4-dnh3.2-1.1 (bookworm) | ctorrent 1.3.4-dnh3.2-1.1 (bookworm) |
| rahul | ctorrent | — | — |
| rahul | ctorrent | >= 0 < 1.3.4-dnh3.2-1.1 | 1.3.4-dnh3.2-1.1 |
| rahul | ctorrent | >= 0 < 1.3.4-dnh3.2-1.1 | 1.3.4-dnh3.2-1.1 |
| rahul | ctorrent | >= 0 < 1.3.4-dnh3.2-1.1 | 1.3.4-dnh3.2-1.1 |
| rahul | ctorrent | >= 0 < 1.3.4-dnh3.2-1.1 | 1.3.4-dnh3.2-1.1 |
| rahul | dtorrent | — | — |
| rahul | dtorrent | — | — |
| rahul | dtorrent | — | — |
| rahul | dtorrent | — | — |
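CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 9.3 | CRITICAL | — |
| vendor_debian | — | 9.3 | MEDIUM | — |
| vendor_redhat | — | 9.3 | CRITICAL | — |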
Red Hat
ctorrent: stack-based buffer overflow vulnerability
vendor_redhat·2009-04-20·CVSS 9.3
CVE-2009-1759 [CRITICAL] CWE-121 ctorrent: stack-based buffer overflow vulnerability
Debian
CVE-2009-1759: ctorrent - Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles....
vendor_debian·2009·CVSS 9.3
CVE-2009-1759 [CRITICAL] CVE-2009-1759: ctorrent - Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles....
Scope: local
bookworm: resolved (fixed in 1.3.4-dnh3.2-1.1)
bullseye: resolved (fixed in 1.3.4-dnh3.2-1.1)
forky: resolved (fixed in 1.3.4-dnh3.2-1.1)
sid: resolved (fixed in 1.3.4-dnh3.2-1.1)
trixie: resolved (fixed in 1.3.4-dnh3.2-1.1)
GHSA
GHSA-chfx-pv5j-438m: Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles
ghsa_unreviewed·2022-05-02
CVE-2009-1759 [HIGH] CWE-119 GHSA-chfx-pv5j-438m: Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles
OSV
CVE-2009-1759: Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles
osv·2009-05-22·CVSS 9.3
CVE-2009-1759 [CRITICAL] CVE-2009-1759: Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles
No detection rules found.
References
http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
http://secunia.com/advisories/34752
http://secunia.com/advisories/35499
http://secunia.com/advisories/36471
http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
http://www.debian.org/security/2009/dsa-1817
http://www.openwall.com/lists/oss-security/2009/05/20/3
http://www.securityfocus.com/bid/34584
http://www.vupen.com/english/advisories/2009/1092
https://bugzilla.redhat.com/show_bug.cgi?id=501813
https://exchange.xforce.ibmcloud.com/vulnerabilities/49959
https://www.exploit-db.com/exploits/8470
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html
Published: 2009-05-22