CVE-2009-1760 — Path Traversal in Libtorrent-rasterbar

CWE-22 — Path Traversal6 documents6 sources

Severity

5.8MEDIUMNVD

EPSS

0.8%

top 25.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Libtorrent-rasterbar Rasterbar Software Libtorrent

Timeline

PublishedJun 11

Latest updateMay 2

Description

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶debiandebian/libtorrent-rasterbar< libtorrent-rasterbar 0.14.4-1 (bookworm)

▶NVDrasterbar_software/libtorrent0.14.3+3

Patches

Patch: census-labs.com ↗Patch: sourceforge.net ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-6fc9-hr4q-q8mm: Directory traversal vulnerability in src/torrent_info↗2022-05-02

▶

OSV

CVE-2009-1760: Directory traversal vulnerability in src/torrent_info↗2009-06-11

▶

📋Vendor Advisories

Debian

CVE-2009-1760: libtorrent-rasterbar - Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorren...↗2009

▶

Red Hat

rb_libtorrent: arbitrary file overwrite vulnerability↗

▶

💬Community

Bugzilla

CVE-2009-1760 rb_libtorrent: arbitrary file overwrite vulnerability↗2009-06-12

▶