CVE-2010-0749 : Transmission before 1.92 allows attackers to prevent download of a file by corru

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

Published 2019-10-30 23:15:10

Updated 2020-08-18 15:05:49

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2010-0749

Debian » Debian Linux » Version: 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Transmissionbt » Transmission
Versions before (<) 1.92
cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

EPSS FAQ

0.73%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L	3.9	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749

574527 – (CVE-2010-0748, CVE-2010-0749) CVE-2010-0748 CVE-2010-0749 Transmission: Two security fixes in upstream v1.92 version
Issue Tracking;Patch;Third Party Advisory
https://trac.transmissionbt.com/ticket/1242

#1242 (Local data can be corrupted by bad peers when Transmission accepts duplicate blocks during endgame) – Transmission
Issue Tracking;Vendor Advisory
https://www.openwall.com/lists/oss-security/2010/04/01/9

oss-security - Re: CVE Request -- Transmission v1.92
Mailing List;Patch;Third Party Advisory

CVEs referencing this url
https://security-tracker.debian.org/tracker/CVE-2010-0749

CVE-2010-0749
Third Party Advisory
https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314

Release Notes · transmission/transmission Wiki · GitHub
Release Notes;Third Party Advisory

CVEs referencing this url

Jump to