Opened 15 years ago

Closed 15 years ago

#667 closed Bug (fixed)

remote crash exploit in bencode parser

Reported by: ghazel Owned by:
Priority: Highest Milestone: 1.04
Component: Transmission Version: 1.03
Severity: Blocker Keywords:


When parsing a very deep bencoded message, Tranmission can get a stack overflow. That means an attacked can send a protocol extension message consisting of many "l" characaters, creating a very, very deep bencoded structure.

Tested and does crash Transmission

Change History (4)

comment:1 Changed 15 years ago by eisa01

Does this affect 1.02 too, or only the trunk?

comment:2 Changed 15 years ago by charles

It affects all versions up through, and including, 1.03

comment:3 Changed 15 years ago by charles

  • Severity changed from Critical to Blocker
  • Version changed from 1.02+ to 1.02

We're working on a fix for this for a quick 1.04 release.

comment:4 Changed 15 years ago by charles

  • Milestone changed from None Set to 1.04
  • Resolution set to fixed
  • Status changed from new to closed
  • Version changed from 1.02 to 1.03

1.0x: r4875 trunk: r4876

Note: See TracTickets for help on using tickets.