High severity8.8NVD Advisory· Published Jan 8, 2010· Updated Apr 23, 2026
CVE-2010-0012
CVE-2010-0012
Description
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Affected products
8cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- trac.transmissionbt.com/changeset/9829/nvdPatch
- www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.htmlnvdPatch
- launchpad.net/bugs/500625nvdIssue TrackingPatch
- www.debian.org/security/2010/dsa-1967nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/55454nvdThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlnvdMailing List
- secunia.com/advisories/37993nvdBroken Link
- secunia.com/advisories/38005nvdBroken Link
- security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gznvdBroken Link
- trac.transmissionbt.com/wiki/ChangesnvdBroken Link
- www.openwall.com/lists/oss-security/2010/01/06/2nvdMailing List
- www.openwall.com/lists/oss-security/2010/01/06/4nvdMailing List
- www.vupen.com/english/advisories/2010/0071nvdPermissions Required
News mentions
0No linked articles in our index yet.