Unrated severity · NVD Advisory · Published Jul 29, 2014 · Updated May 6, 2026
CVE-2014-4909
Description
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Affected products
- cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:* (range: <=2.83)
- cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*
- cpe:2.3:a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
References
- inertiawar.com/submission.go (nvd, Exploit)
- trac.transmissionbt.com/wiki/Changes (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html (nvd)
- lists.opensuse.org/opensuse-updates/2014-08/msg00011.html (nvd)
- secunia.com/advisories/59897 (nvd)
- secunia.com/advisories/60108 (nvd)
- secunia.com/advisories/60527 (nvd)
- www.debian.org/security/2014/dsa-2988 (nvd)
- www.openwall.com/lists/oss-security/2014/07/10/4 (nvd)
- www.openwall.com/lists/oss-security/2014/07/11/5 (nvd)
- www.osvdb.org/108997 (nvd)
- www.securityfocus.com/bid/68487 (nvd)
- www.ubuntu.com/usn/USN-2279-1 (nvd)
- bugs.gentoo.org/show_bug.cgi (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- twitter.com/benhawkes/statuses/484378151959539712 (nvd)