Description
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
Affected products
- transmissionbt / transmission1.91 – 1.91
References
- MISChttp://www.securityfocus.com/bid/38814
- MISChttp://www.osvdb.org/63066
- MISChttp://trac.transmissionbt.com/wiki/Changes
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0655
- MISChttp://trac.transmissionbt.com/ticket/2965
- VENDOR_ADVISORYhttp://secunia.com/advisories/39031
- MISChttp://trac.transmissionbt.com/changeset/10279