Vulnerability Details : CVE-2012-6129
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Vulnerability category: OverflowExecute codeDenial of service
Threat overview for CVE-2012-6129
Top countries where our scanners detected CVE-2012-6129
Top open port discovered on systems with this issue
4567
IPs affected by CVE-2012-6129 260
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2012-6129!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2012-6129
Probability of exploitation activity in the next 30 days: 2.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-6129
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2012-6129
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6129
-
https://bugzilla.redhat.com/show_bug.cgi?id=909934
909934 – (CVE-2012-6129) CVE-2012-6129 transmission: Stack-based buffer overflow (DoS) when processing acknowledgements
-
http://www.ubuntu.com/usn/USN-1747-1
USN-1747-1: Transmission vulnerability | Ubuntu security notices
-
http://www.openwall.com/lists/oss-security/2013/02/13/1
oss-security - Re: CVE request: Transmission can be made to crash remotely
-
https://trac.transmissionbt.com/changeset/13646
Changeset 13646 – TransmissionExploit;Patch
-
https://trac.transmissionbt.com/ticket/5002
#5002 (crash in UTP_ProcessIncoming()) – Transmission
-
http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html
openSUSE-SU-2013:0485-1: moderate: transmission: fixed remote denial of
Products affected by CVE-2012-6129
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*